web analytics

Coast Guard Battles Cyberthreats Amid Industry Resistance – Source: www.databreachtoday.com

coast-guard-battles-cyberthreats-amid-industry-resistance-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Government
,
Industry Specific
,
Professional Certifications & Continuous Training

New Report Reveals Industry’s Reluctance to Use Coast Guard Cybersecurity Services

Chris Riotta (@chrisriotta) •
July 16, 2024    

Coast Guard Battles Cyberthreats Amid Industry Resistance
A Coast Guard ship docked in the port of Key West, Florida (Image: Shutterstock)

Private sector stakeholders in the marine transportation system are “hesitant” to use critical cybersecurity services offered by the U.S. Coast Guard, according to a new report. This leaves the nation’s network of navigable waterways, ports and vessels susceptible to major security incidents and national security risks.

See Also: Webinar | Old-School Awareness Training Does Not Hack It Anymore

Only 36% of private industry stakeholders requested and received services from the cyber protection teams created by the Coast Guard in 2021 to enhance the cyber posture of the marine transportation system, according to a July report published by the Department of Homeland Security Office of Inspector General. The Coast Guard is tasked with protecting the U.S. maritime industry and commerce under the Maritime Transportation Security Act of 2002, but it lacks congressional authority to enforce private sector compliance with cybersecurity standards and best practices.

The military branch also lacks the necessary cybersecurity training, staffing and expertise to protect the marine transportation system, “which remains vulnerable to the exploitation, misuse or failure of cyber systems,” the report says.

The marine transportation system – which facilitates nearly $5.4 trillion in commerce and represents about 25% of the U.S. gross domestic product – is a prime target among cybercriminals, foreign adversaries and threat actors. The network faces an average of 2,244 cyberattacks per day, according to the latest available Coast Guard data.

The White House issued an executive order in February tasking the Coast Guard with developing minimum cybersecurity standards for the marine transportation system. Anne Neuberger, deputy national security adviser for cyber and emerging technology, told reporters at the time that the executive action would help strengthen the Coast Guard’s ability to mitigate emerging cyberthreats while requiring vessel operators to report incidents (see: Biden to Sign Executive Order Raising Maritime Cybersecurity).

Successful attacks against the marine transportation system have become increasingly common in the past few years. In 2022, the now-defunct LockBit group launched a ransomware attack that crippled Seattle-based logistics giant Expeditors International for three weeks, forcing the company to halt operations as it recovered from the incident. A ransomware attack by now apparently defunct ransomware group LockBit in 2022 paralyzed Seattle-based logistics and freight-forwarding giant Expeditors International for three weeks while operations were halted as it recovered from the attack. The company reported losing $47 million in cargo overstay fines assessed by ports and spending $18 million in incident-related costs.

In 2021, federal officials disclosed the Port of Houston had thwarted an attempted attack apparently launched by a nation-state attacker. The port annually moves more than 247 million tons of cargo.

The Office of Inspector General report says the Coast Guard has taken significant steps in recent years to address cybersecurity risks for vessels and facilities. It released the Marine Transportation System Cyber Incident Response Playbook in September 2022 and in 2023 provided guidance to area maritime security committees on developing plans that address cyber risks. The branch has also improved private sector reporting around maritime cyber incidents, according to the report.

But the report says industry stakeholders declined to consistently request Coast Guard services to improve their cybersecurity postures in the wake of reported cyber events. Inspections personnel “expressed a limited understanding of how to address cybersecurity when conducting inspections” and “did not feel confident reviewing cybersecurity as part of the inspection,” it says.

The DHS Inspector General recommends that U.S. Cyber Command, the Office of Port and Facility Compliance and the Office of Cyberspace Forces “regularly collaborate with each other” and with marine transportation stakeholders on cyber risk management activities. The report urges the Coast Guard to standardize cybersecurity training on enforceable authorities, complete and publish cybersecurity-specific regulations that provide enforcement authorities for facility and vessel inspections and refine job descriptions for marine transportation cybersecurity specialists.

DHS did not immediately respond to a request for comment. The department concurred with each of the inspector general’s recommendations in the report.

Original Post url: https://www.databreachtoday.com/coast-guard-battles-cyberthreats-amid-industry-resistance-a-25779

Category & Tags: –

Views: 1

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate