The Coast Guard recently published Policy Letter entitled Reporting Suspicious Activity and Breaches of Security, which outlines the criteria and process for suspicious activity (SA) and breach of security (BoS) reporting.
An owner or operator of a vessel or facility that is required to maintain an approved security plan in accordance with parts 104, 105 or 106 of Title 33, Code of Federal Regulations, Subchapter H shall, without delay, report activities that may result in a transportation security incident to the National Response Center, including BoS and SA.
This policy letter further covers reporting requirements and guidance on reporting cybersecurity related events to Department of Homeland Security National Cyber Security and Communications Integration Center (NCCIC).
According to the Policy Letter, the maritime industry continues to expand its use of networked technology, which creates efficiencies but also increases threats and vulnerabilities to vessels and facilities through telecommunications equipment, computers, and networks. Due to the increasing reliance on telecommunications equipment, computers, and networked systems for controlling physical operations, a growing portion of all security risks have a network or computer nexus.
Maintaining the security of these systems, including reporting network or computer related SA or BoS, is vital to maintaining the security of the MTS.
Plausible terrorist attack scenarios include combined cyber and physical incidents. Vessel and facility operators should consider this possibility when evaluating a cyber incident, including the possibility that a cyber incident is a precursor to a physical attack, or that cyber related SA and BoS may be an attempt by actors to identify weaknesses or to plan for later attacks.
The target and intent of malicious cyber activity can be difficult to discern. The fact that business and administrative systems may be connected to operational, industrial control and security systems further complicates this matter. The Coast Guard strongly encourages vessel and facility operators to minimize, monitor, and wherever possible, eliminate any such connections.
Coast Guard Captains of the Port, Area Maritime Security Committees and the operators of vessels and facilities regulated by the MTSA may use this policy letter when evaluating SA and BoS incidents.
Find out more by reading the Policy Letter herebelow
Source: USCG News
