In an effort to address recent cyber threats to the Maritime Sector, the USCG has released a new work instruction (CVC-WI-027) to provide guidance to Coast Guard Marine Inspectors and Port State Control Officers for assessing cyber hygiene onboard applicable vessels, as well as compliance options if deficiencies are noted.
As a reminder, cyber risk management must be implemented into vessel safety management systems by the first International Safety Management (ISM) Document of Compliance verification after January 1, 2021, in accordance with Maritime Safety Committee Resolution 428(98), “Maritime Cyber Risk Management in Safety Management Systems.”
The USCG also issued a Marine Safety Information Bulletin (MSIB 18-20) earlier this year as an advisory on the urgent need to protect operational technologies and control systems. Specifically, the USCG advises that while advances in systems and technologies can improve the efficiency and scope of operations, there is a heightened risk of increased threats posed by malicious actors. These cyber actors have demonstrated a willingness to conduct malevolent activity against maritime critical infrastructure by exploiting internet-accessible operational technology (OT) assets.
Finally, the USCG issued MSIB 19-20 to highlight several recent cyber events involving increasingly sophisticated malicious email spoofing techniques within the Marine Transportation System (MTS). Additional resources and links to the referenced documents are included in the References section below.
Building a strong foundation for your cyber risk management efforts also requires a thorough understanding of the risks surrounding your critical business processes (Operations, Legal, Procurement, HR, etc.) and how these processes are, or are not, reliant on technology.
Please contact us at email@example.com if you have any questions or if you would like more information on how our team can help to refresh or renew your interest in conducting a business impact analysis as part of your business continuity program (ISO 22301:2019).
References:
- CVC-WI-027: Vessel Cyber Risk Management Work Instruction
- MSIB 18-20: Urgent Need to Protect Operational Technologies and Control Systems
- MSIB 19-20: Malicious Email Spoofing Incidents
- Navigation and Vessel Inspection Circular (NVIC) 1-20: Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities
- ISO 22301:2019: Security and resilience – Business continuity management systems – Requirements
Source: WITT O’BRIEN’S