Coast Guard Cyber Command issued a marine notice focusing on recent cyber threats to the Marine Transportation System.
s informed, the Marine Transportation System (MTS) should be on heightened alert as a result of two recent developments.
The first is a cyber-attack impacting port operations at container terminals in several South African ports due to “an act of cyber-attack, security intrusion and sabotage.” The impacted terminals use a popular Terminal Operating System (OS) widely used throughout the U.S., and certain processes handled by the Terminal OS were suspended as a result of the cyber-attack. The attack is believed to be related to the “Death Kitty” ransomware, although full details are still not available.
The second development is the recent release of leaked Iranian documents detailing research into how a cyber-attack could be used to target critical infrastructure, including MTS entities. These documents cover research into topics such as how to use ballast water systems to sink a vessel and how to interfere with MTS satellite communications.
Following the above, Coast Guard Cyber Command is continuing to monitor these situations and is fully engaged with cybersecurity agencies worldwide to identify and take action to mitigate vulnerabilities and threats to the MTS.
The Coast Guard strongly encourages vessels and facilities operating in the MTS to take prompt action in the following areas:
- Review controls protecting Operational Technology,
- Closely monitor network and system logs for any signs of unusual activity,
- Review incident response plans, security plans, business continuity plans, and disaster recovery plans,
- After reviewing these plans, with the context of these recently identified threats, implement increased security measures to mitigate any identified vulnerabilities.
Any Breach of Security or Suspicious Activity resulting from Cybersecurity Incidents shall be reported to the National Response Center at 1-800-424-8802 in accordance with CG-5P Policy Letter No. 08-16, Sections 3.B.ii-iv. You are strongly encouraged to report any abnormal behavior with your operational technology to your local Coast Guard Captain of the Port or the CG Cyber Command 24×7 watch at 202-372-2904 or [email protected], as it may related to the developments described in this article.