A group of American seaports and maritime stakeholders joined forces and launched a new non-profit, the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC), to address cyber security issues and raise awareness on the matter.
Specifically, the new centre aims to promote cyber security information within the shipping industry, in efforts to alert the sector about the challenges arising.
Thus, the ones participating in the project, leaders from seaports, shipowners and terminal operators, recognized the need to improve their own cybersecurity resiliency, and since resources are limited, they realized the best approach was to work with their peers to identify, protect against, and detect cyber threats. Information sharing and analysis efforts will focus on threats to both information technology (IT) and operational technology (OT) systems, which stakeholders can use to prevent or minimize potential cyber incidents.
In addition, the services the centre provides help infrastructure stakeholders on how to comply with the 2021 IMO cyber risk management guidelines and the recently-released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20.
According to USCG’s NVIC “the Maritime Transportation Security Act (MTSA) obligates regulated facilities to “identify, assess, and address the vulnerabilities of their computer systems and networks” when preparing the facility security plan.”
The initial board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (JAXPORT), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.
Referring to the new project, Scott Dickerson, the MTS-ISAC’s Executive Director commented that
We’re actively seeing an increase in cyber threat activity, and effective information sharing between our stakeholders has been a force multiplier for their risk management efforts. While IMO 2021 and the USCG NVIC [01-20] help provide guidance to industry, we believe effective maritime public-private partnerships will be a cornerstone for successful maritime cyber risk management efforts moving forward.