Since 2004, the US has declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. This year’s campaign theme is “See Yourself in Cyber”.
Cybersecurity awareness month theme
he theme demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions.
Under this aspect, CISA encourages people to engage in this year’s efforts by creating their own cyber awareness campaigns:
- For individuals and families, it encourages to See Yourself taking action to stay safe online. That means enabling basic cyber hygiene practices: update your software, think before you click, have good strong passwords or a password keeper, and enable multi-factor authentication on all your sensitive accounts.
- For those considering joining the cyber community, it encourages to See Yourself joining the cyber workforce. CISA will be talking with leaders from across the country about how they can build a cybersecurity workforce that is bigger, more diverse and dedicated to solving the problems that will help keep the American people safe.
- For the partners in industry, it encourages to See Yourself as part of the solution. That means putting operational collaboration into practice, working together to share information in real-time, and reducing risk and build resilience from the start to protect America’s critical infrastructure and the systems that Americans rely on every day.
4 Things you can do
Throughout October, CISA and NCA will highlight key action steps that everyone should take:
- Think Before You Click: Recognize and Report Phishing: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
- Update Your Software: If you see a software update notification, act promptly. Better yet, turn on automatic updates.
- Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A passwords manager will encrypt passwords securing them for you!
- Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.
Cyber security in shipping
Recently, the Area Maritime Security Committee (AMSC) published a report showing that it faces significant challenges with a constantly changing threat landscape across physical and cyber domains. More specifically, the challenges include the following:
#1 Impacts of COVID-19
- COVID-19 and the associated social distancing requirements created challenges for inperson AMSC meetings and exercises.
- Industry and governmental partners were increasingly reliant on virtual platforms which accommodated attendee schedules but were not ideal for developing and maintaining relationships.
- The virtual environment introduces security concerns depending on the nature of the discussion.
#2 Cybersecurity and the MTS
- Public and private sectors are challenged to find a trained and experienced cyber workforce.
- Some AMSCs noted current cyber incident reporting requirements and enforcement capability for failing to report are not sufficient.
- A number of AMSCs also stated the maritime industry is concerned with maintaining privacy after making a report as information is shared across government.
- AMSCs also noted they regularly receive the same cybersecurity alerts, warnings, and general information from multiple agencies.
#3 Unmanned Aircraft Systems (UAS) access to the MTS
- UAS intrusions over MTSA regulated facilities continue to generate questions and concerns, and AMSCs feel UASs are a serious threat to maritime safety and security.
- AMSCs report that the existing federal legislation aimed at reducing the risk of UAS to port areas has been largely ineffective, and all levels of law enforcement lack the authority, policies, and equipment to identify and safely interdict unauthorized UAS.