The Marine Transportation System (MTS) should be on heightened alert as a result of two recent developments.
The first is a cyberattack that has affected port operations at container terminals in several South African ports due to “an act of cyberattack, security intrusion and sabotage.”[1][2] The affected terminals use a popular Terminal Operating System (OS) widely used throughout the U.S., and certain processes handled by the Terminal OS were suspended as a result of the cyberattack. The attack is believed to be related to the “Death Kitty” ransomware, although full details are still not available.
The second development is the recent release of leaked Iranian documents detailing research into how a cyberattack could be used to target critical infrastructure, including MTS entities. [3] These documents cover research into topics such as how to use ballast water systems to sink a vessel and how to interfere with MTS satellite communications.
Coast Guard Cyber Command is continuing to monitor these situations and is fully engaged with cybersecurity agencies worldwide to identify and take action to mitigate vulnerabilities and threats to the MTS.
The Coast Guard strongly encourages vessels and facilities operating in the MTS to take prompt action in the following areas:
- Review controls protecting operational technology,
- Closely monitor network and system logs for any signs of unusual activity,
- Review incident response plans, security plans, business continuity plans, and disaster recovery plans,
- After reviewing these plans, with the context of these recently identified threats, implement increased security measures to mitigate any identified vulnerabilities.
Any breach of security or suspicious activity resulting from cybersecurity incidents shall be reported to the National Response Center at 1-800-424-8802 in accordance with CG-5P Policy Letter No. 08-16, Sections 3.B.ii-iv. You are strongly encouraged to report any abnormal behavior with your operational technology to your local Coast Guard Captain of the Port or the CG Cyber Command 24×7 watch at 202-372-2904 or [email protected], as it may related to the developments described in this article.
As part of the effort to protect the MTS, Coast Guard Cyber Command has created Cyber Protection Teams and the Maritime Cyber Readiness Branch as detailed in the Cyber Strategic Outlook released on Aug. 3, 2021. Additionally, the Coast Guard is in the process of hiring 40 individuals as Marine Transportation System Specialists (MTSS)-Cybersecurity, to further aide in the coordination of efforts at our Area, District, and Sector/Marine Safety Unit Commands to strengthen the MTS against cybersecurity attacks[4].
If you are a stakeholder in the MTS and would like to assist in our effort to combat cybersecurity attacks against the MTS, please reach out to your local Captain of the Port to become a part of their Area Maritime Security Committee (AMSC). Many committees have established cybersecurity subcommittees for the specific purpose of hardening our nation’s ports against cybersecurity attacks.
For additional questions contact [email protected]