Submitted by Coast Guard Cyber Command, Maritime Cyber Readiness Branch

The Marine Transportation System (MTS) should be on heightened alert as a result of two recent developments. The first is a cyber-attack impacting port operations at container terminals in several South African ports due to “an act of cyber-attack, security intrusion and sabotage.”[1][2] The impacted terminals use a popular Terminal Operating System (OS) widely used throughout the U.S., and certain processes handled by the Terminal OS were suspended as a result of the cyber-attack. The attack is believed to be related to the “Death Kitty” ransomware, although full details are still not available.

The second development is the recent release of leaked Iranian documents detailing research into how a cyber-attack could be used to target critical infrastructure, including MTS entities. [3] These documents cover research into topics such as how to use ballast water systems to sink a vessel and how to interfere with MTS satellite communications. 

Coast Guard Cyber Command is continuing to monitor these situations and is fully engaged with cybersecurity agencies worldwide to identify and take action to mitigate vulnerabilities and threats to the MTS.

The Coast Guard strongly encourages vessels and facilities operating in the MTS to take prompt action in the following areas:

• Review controls protecting Operational Technology,
• Closely monitor network and system logs for any signs of unusual activity,
• Review incident response plans, security plans, business continuity plans, and disaster recovery plans,
• After reviewing these plans, with the context of these recently identified threats, implement increased security measures to mitigate any identified vulnerabilities.

Any Breach of Security or Suspicious Activity resulting from Cybersecurity Incidents shall be reported to the National Response Center at 1-800-424-8802 in accordance with CG-5P Policy Letter No. 08-16, Sections 3.B.ii-iv. You are strongly encouraged to report any abnormal behavior with your operational technology to your local Coast Guard Captain of the Port or the CG Cyber Command 24×7 watch at 202-372-2904 or CyberWatch@uscg.mil, as it may related to the developments described in this article.

As part of the effort to protect the MTS, Coast Guard Cyber Command has created Cyber Protection Teams and the Maritime Cyber Readiness Branch as detailed in the Cyber Strategic Outlook released on August 3, 2021.  Additionally, the Coast Guard is in the process of hiring 40 individuals as Marine Transportation System Specialists (MTSS)-Cybersecurity, to further aide in the coordination of efforts at our Area, District, and Sector/Marine Safety Unit Commands to strengthen the MTS against cybersecurity attacks[4].  

If you are a stakeholder in the MTS and would like to assist in our effort to combat cybersecurity attacks against the MTS, please reach out to your local Captain of the Port to become a part of their Area Maritime Security Committee (AMSC).  Many Committees have established cybersecurity subcommittees for the specific purpose of hardening our nation’s ports against cybersecurity attacks.       

For additional questions contact maritimecyber@uscg.mil

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official publications, such as the Federal Register, Homeport and the Code of Federal Regulations. These publications remain the official source for regulatory information published by the Coast Guard.

[1] S.Africa’s Transnet says will soon lift force majeure after cyberattack | Reuters, July 27, 2021.

[2] Cyber attacks expose the vulnerability of South Africa’s ports – ISS Africa

[3] Iran’s secret cyber files on how cargo ships and petrol stations could be attacked | World News | Sky News

[4] For more information on MTSS-Cybersecurity positions please continue to monitor USA Jobs USAJOBS – The Federal Government’s official employment site