On July 8, the U.S. Coast Guard issued an official “Marine Safety Alert” warning operators of commercial vessels of cybersecurity risks. The alert came in response to a February 2019 incident involving a vessel bound for the Port of New York and New Jersey.
Cybersecurity experts from the Coast Guard and other agencies determined that the vessel had fallen victim to a malware attack, and that it lacked the basic protections needed to reduce the risk of such an attack.
The alert indicates USB drives were used to transfer cargo data from the pier to the vessel’s computers, and that the USB drives were not scanned for malware before they were plugged in. Although the alert does not indicate whether an infected USB drive was the source of the malware attack, it warns vessel operators not to use removable media from an untrusted source.
The Coast Guard also recommends these cybersecurity best practices:
- Assign user credentials to each employee, and use multifactor authentication wherever possible. Establish least-privilege access policies, limiting each user’s privileges to those needed to do his or her job. Administrator-level accounts should be strictly controlled and assigned only where necessary.
- Keep systems patched with the latest software and security updates. Cyberattacks frequently target unpatched systems.
- Install and routinely update antivirus software.
- Segment the network to prevent an intruder from moving laterally from system to system. Network segments supporting essential systems should have the strongest security measures.
The July 8 Safety Alert also references an Information Bulletin released May 24, 2019. That bulletin warned operators of phishing attacks attempting to gain sensitive information from commercial vessels, and of malware designed to disrupt onboard computer systems. The phishing emails used addresses that appeared to come from an official Port State Control authority. The bulletin urged operators to verify the validity of email senders before responding to unsolicited messages, and to report suspicious activity to the Coast Guard National Response Center.
Marine Vessels Targeted
The rise of cyberattacks targeting marine vessels is hardly surprising given their increasing reliance on computer systems. That’s why GDS integrates robust security tools into its marine connectivity solutions. GDS delivers elastic bandwidth via a fully managed software-defined platform that incorporates these security features:
- Next-generation firewall (NGFW). GDS leverages an application-aware NGFW that allows legitimate applications to traverse the network while blocking others according to predefined policies. Deep packet inspection is used to scrutinize network traffic on a granular level, while access controls ensure that only authorized users can enter the network. The ability to decrypt and scan packets prevents hackers from using encryption to shield traffic from inspection.
- Antimalware protection. GDS uses global threat intelligence to block known malware, and static and dynamic file analysis to detect emerging malware. Files and traffic are continuously monitored to identify malware attacks that get past initial inspection. During an attack, GDS leverages full stack visibility to detect and block known and unknown threats and to defend against advanced persistent threats (APTs) and application-embedded attacks.
- Content filtering. Many legitimate websites have been compromised with malicious content that can download malware without user action. Content filtering automatically determines the safety of a site and blocks access to dangerous, inappropriate or unproductive content. Organizations can also set policies denying access to social media and other potentially risky links. This tool is especially important for vessels that allow crew to access the Internet.
Don’t let a cyberattack put your vessel’s critical systems at risk. Let us show you how our connectivity solutions protect against today’s cyber threats.