The US Coast Guard (USCG), and members of the Area Maritime Security Committee (AMSC) for the Port of New York and New Jersey have partnered to enhance maritime cyber security and port resilience
The cyber partnership brings together expert stakeholders including representatives from Rutgers University, Stevens Institute of Technology and the financial sector.
Stevens Institute, partnering with the US Department of Defence, helped develop ABS Group’s FCI cyber risk methodology. The approach quantifies risk and gives owners and operators practical strategies to fend off cyber risks.
Vitol’s Jeff Milstein, a former chair of the AMSC, said “We have witnessed first-hand the disruption a cyber-incident can cause in our nation’s ports, and we are committed to taking action to minimise those risks.”
The partnership establishes a Cyber Advisory Committee, a body that comprises cyber and industry experts ready to assist in a cyber-incident response.
In addition, members of the AMSC have agreed to share threat information and participate in routine cyber exercises. The plan also creates an awards programme to recognise port partners who have taken proactive steps to make cyber security a top priority.
The AMSC said its next port-wide cyber exercise and inaugural awards will take place in 2020.
Ryuk ransomware attack
Ryuk is a type of crypto ransomware that targets enterprise environments using encryption to block access to systems, devices or files until the ransom is paid.
On 16 December, a security bulletin issued by USCG said Ryuk ransomware disabled operations at a maritime facility for more than 30 hours.
The scale of the attack meant the entire corporate IT network beyond the footprint of the facility was disrupted.
There was disruption to camera and physical access control systems and loss of critical process control monitoring systems. The affected port authority was not named.
This was the third alert the USCG sent out last year. In May and July, alerts were issued about malware designed to impact IT systems on ships.The crippling effect cyber attacks can wreak on increasingly digitalised environments means cyber security is seen as the new frontier in marine and offshore safety.
Attacks can take the form of ghosting GPS systems, take over of command-and-control systems, ransomware or intelligence gathering.
The maritime sector’s vulnerability has long been noted by security experts. Despite this, Templar Executives chief executive Andrew Fitzmaurice said there are no official records on the number of cyber security attacks that have affected the maritime sector.
In April, senior US Congressman John Garamendi said the entire maritime network in the US was vulnerable to attack, adding that cybersecurity measures were being dealt with "inadequately".
Riviera Maritime is hosting a Maritime Cyber Risk Management Forum on 16 June 2020.