Authorities step-up response to maritime cyber attack

U.S. Coast Guard Chief Warrant Officer DeAnna Melleby, peers through a space in a server. Credit: Petty Officer 3rd Class Andrew Barresi

The threat of cyber attacks on the global maritime industry have been pushed to the top of the agenda across the world as authorities look to tackle this issue. The US Coast Guard has distributed a reminder to vessels and owners that they have a duty to report any attempted cyber attack to the coastguard National Response Centre (NRC).

The notice comes after a series of incidents in US waters during the first six months of 2019 where hackers have tried to disrupt shipping. The coastguard issued a guidance, whose main objective was to inform the maritime industry of the recent email phishing activities, and malware intrusion attempts that targeted commercial vessels.

Cyber adversaries are always attempting to gain sensitive information from vessels, including the content of an official Notice of Arrival (NOA) by using email addresses that pose as official Port State Control (PSC) authorities, such as port@pscgov.org.

The notice added that the coastguard has received reports of malicious software designed to disrupt shipboard computer systems. “Vessel masters have diligently reported suspicious activity to the NRC in accordance with Title 33 Code of Federal Regulations (CFR) §101.305 – Reporting, enabling the coastguard and other federal agencies to counter cyber threats across the global maritime network.”

A coastguard spokesperson urged maritime stakeholders to verify the validity of the email sender prior to responding to unsolicited email messages. Should there be any uncertainty regarding the legitimacy of the email request, vessel representatives should try contacting the PSC authority directly by using verified contact information. Additionally, vessel owners and operators should continue to evaluate their cyber defence measures to reduce the effect of a cyber attack.

The coastguard said it appreciates the efforts of companies and their vessels in remaining vigilant in the identification and prompt reporting of suspicious cyber-related activities.
Meanwhile. This highlights an international awareness and concern over cyber security, in May this year the Maritime and Port Authority of Singapore (MPA), has opened its new 24/7 Maritime Cybersecurity Operations Centre (MSOC) to tackle the growing threat to vessels and port facilities.