The Coast Guard recently received a report from a Maritime Transportation Security Act (MTSA) regulated facility in Texas regarding an attack on an Internet public facing server. Fortunately, the facility had a cyber- incident response plan. Their familiarity with and use of the plan by their cyber incident response team allowed for quick containment and mitigation of the threat to prevent any impacts to the facility’s operations.
The cyber landscape in the Marine Transportation System (MTS) is continually changing, with increased potential for cyber security events. Computer systems and technology are becoming integral parts of equipment and operations. While increased reliance and application advances efficiency and capability of operations in the MTS, they also create new threat vectors and vulnerabilities. Cyber-attackers have demonstrated the ability to exploit vulnerabilities to conduct malevolent activity against maritime critical infrastructure. These attacks, similar to physical breaches of security, have the potential to create disastrous transportation security incidents. One method of attack is through the manipulation of operational technology (OT) assets or IT assets relied upon for critical port operations. Many times, the gateway to compromise OT is by first gaining access to IT assets. No matter the entry point, facilities must pursue software accountability and vulnerability management to include minimizing public facing services and enforcing security controls such as multifactor authentication (MFA).