USCG INVESTIGATE RECENT CYBER INCIDENTS
Published: 18 July 2019
Following a series of cyber incidents earlier in the year, a team from the USCG carried out an investigation and analysis of the control systems on board the ship in question. The team concluded that although the malware significantly degraded the functionality of the onboard computer system, essential ship control systems had not been impacted. Nevertheless, the ship was operating without effective cybersecurity measures in place, exposing critical ship control systems to significant vulnerabilities. Although most crew members did not use onboard computers to check personal email, make online purchases or check their bank accounts, the same shipboard network was used for official business – to update electronic charts, manage cargo data and communicate with shore-side facilities, pilots, agents and the Coast Guard.
It is unknown whether this is representative of the current state of cybersecurity aboard ships. However, with engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is essential.
The USCG strongly recommends that ship and facility owners, operators and other responsible parties take the following basic measures to improve their cybersecurity:
- Segment Networks. “Flat” networks allow an adversary to easily maneuver to any system connected to that network. Segment your networks into “sub-networks” to make it harder for an adversary to gain access to essential systems and equipment.
- Per-user Profiles & Passwords. Eliminate the use of generic log-in credentials for multiple personnel. Create network profiles for each employee. Require employees to enter a password and/or insert an ID card to log on to onboard equipment. Limit access/privileges to only those levels necessary to allow each user to do his or her job. Administrator accounts should be used sparingly and only when necessary.
- Be Wary of External Media. This incident revealed that it is common practice for cargo data to be transferred at the pier via USB drive. Those USB drives were routinely plugged directly into the ship’s computers without prior scanning for malware. It is critical that any external media is scanned for malware on a standalone system before being plugged into any shipboard network. Never run executable media from an untrusted source.
- Install Basic Antivirus Software. Basic cyber hygiene can stop incidents before they impact operations. Install and routinely update basic antivirus software.
- Don’t Forget to Patch. Patching is no small task, but it is the core of cyber hygiene. Vulnerabilities impacting operating systems and applications are constantly changing – patching is critical to effective cybersecurity.
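
To illustrate the external-media measure above, here is a pre-check for the standalone scanning station. It is an added example, not USCG or vessel-operator code. It holds back any file on a cargo-data drive that can execute code, judged by file signature rather than by name, and it complements an antivirus scan without replacing it. The file names, the extension list and the rule that cargo media should carry only data files are assumptions.

```python
import os
import tempfile

# Leading bytes of common executable formats (well-known file signatures).
MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable",
         b"#!": "script with interpreter line"}
# Assumed list: extensions that run code when opened on Windows.
RISKY_EXT = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk", ".scr", ".hta"}

def classify(path):
    """Return a reason string if the file can execute code, else None."""
    name = os.path.basename(path).lower()
    if name == "autorun.inf":
        return "autorun instruction file"
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label  # content wins over a misleading extension
    if os.path.splitext(name)[1] in RISKY_EXT:
        return "risky extension"
    return None

def triage_media(root):
    """Walk the mounted media and list (relative path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def build_sample_media(root):
    """Constructed sample drive: a data file, a disguised PE, an autorun."""
    samples = {
        "manifest.csv": b"container,weight\nABCD1234567,21000\n",
        "stowage_plan.pdf": b"MZ\x90\x00 constructed stub, not a real binary",
        "autorun.inf": b"[autorun]\nopen=stowage_plan.pdf\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as media:
        build_sample_media(media)
        print(triage_media(media))  # every listed file is held for review
```

An empty result only means that no executable content was recognised, so the drive still goes through the malware scan before it is connected to any shipboard network.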