USCG has recently issued a Navigation and Vessel Inspection Circular (NVIC) to provide guidance for complying with reporting requirements for Breaches of Security (BOS), Suspicious Activity (SA), Transportation Security Incidents (TSI), and Cyber Incidents. The cyber incident guidance supports the reporting requirements and explains all related cyber security terms.
USCG highlights that any evidence of sabotage, subversive activity, or an actual or threatened cyber incident involving or endangering any vessel, harbor, port, or waterfront facility, including any data, information, network, program, system, or other digital infrastructure thereon or therein, shall be reported immediately.
The maritime industry continues to expand its use of networked technology, which creates efficiencies but also increases threats and vulnerabilities to Marine Transportation System (MTS) stakeholders and entities regulated under the Maritime Transportation Security Act (MTSA) through telecommunications equipment, computers, and networks.
Due to the increasing reliance on telecommunications equipment, computers, and networked systems for controlling physical operations, a growing portion of all security risks has a network or computer nexus. Maintaining the security of these systems, including reporting cyber incidents, is vital to maintaining the security of the MTS.
However, the USCG notes that routine spam, phishing attempts, and other nuisance events that do not breach a system's defenses may not need to be reported as cyber incidents. Similarly, accidental violations of acceptable use policies, such as plugging in an unauthorized USB drive, are not considered reportable cyber incidents. Such occurrences should nevertheless be monitored for unusual activity, such as an escalation of efforts, and may be considered suspicious activities.
A Glossary of Terms
Access — The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
Cyber Incident — An occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Cybersecurity — The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Cyber System — Any combination of facilities, equipment, personnel, procedures, and communications integrated to provide cyber services; examples include business systems, control systems, and access control systems.
Cyber Threat — Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Industrial Control System (ICS) — An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. ICSs include supervisory control and data acquisition (SCADA) systems used to control geographically dispersed assets, as well as distributed control systems (DCSs) and smaller control systems using programmable logic controllers to control localized processes.
Information System — An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, data, applications, communications, and people in the application of information and operational technologies.
Intrusion — Any set of actions that attempts to compromise the integrity, confidentiality, or availability of a resource.
Intrusion Detection Systems (IDS) — A security service that monitors and analyzes network or system events for the purpose of finding and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner.
Malicious Cyber Activity — Activities, other than those authorized by or in accordance with U.S. law, that seek to compromise or impair the confidentiality, integrity, or availability of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon.
Malware — Hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose.
MTS Stakeholders — Vessels, harbors, ports, and waterfront facilities, including MTSA-regulated entities.
Network Defense — The programs, activities, and the use of tools necessary to facilitate them conducted on a computer, network, or information or communications system by the owner or with the consent of the owner and, as appropriate, the users for the primary purpose of protecting
1) that computer, network, or system;
2) data stored on, processed on, or transiting that computer, network, or system; or
3) physical and virtual infrastructure controlled by that computer, network, or system.
Network defense does not involve or require accessing or conducting activities on computers, networks, or information or communications systems without authorization from the owners or exceeding access authorized by the owners.
Phishing — Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.
Spear Phishing — A highly targeted phishing attack, aimed at an individual by including key information about them.
Suspicious Activity — Observed behavior reasonably indicative of preoperational planning related to terrorism or other criminal activity.
Threat — An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss. Note: The specific causes of asset loss, and for which the consequences of asset loss are assessed, can arise from a variety of conditions and events related to adversity, typically referred to as disruptions, hazards, or threats. Regardless of the specific term used, the basis of asset loss constitutes all forms of intentional, unintentional, accidental, incidental, misuse, abuse, error, weakness, defect, fault, and/or failure events and associated conditions.
Trojan Horse — A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Unauthorized Access — A person gains logical or physical access without permission to a network, system, application, data, or other resource.
Virus — A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk.
Worm — A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Zombie — A program that is installed on a system to cause it to attack other systems.