The U.S. Coast Guard issued a marine safety alert
recommending the shipping industry institute basic cybersecurity measures to
ensure the safety of their vessels.The alert came in response to an incident in February 2019 when a large ship coming into New York Harbor suffered what was described as a severe cyber incident that impacted the ship’s onboard network, although essential systems were not affected. An inter-agency investigation found the vessel was essentially operating without any effective security measures in place, a fact that was known to the crew.came in response to an incident in February 2019 when a large ship coming into New York Harbor suffered what was described as a severe cyber incident that impacted the ship’s onboard network, although essential systems were not affected. An inter-agency investigation found the vessel was essentially operating without any effective security measures in place, a fact that was known to the crew.
“Although most crewmembers didn’t use onboard computers to
check personal email, make online purchases or check their bank accounts, the
same shipboard network was used for official business – to update electronic
charts, manage cargo data and communicate with shore-side facilities, pilots,
agents, and the Coast Guard,” the Coast Guard said.The Coast Guard noted that it is not sure if this particular
ship is representative of most vessels in not having a proper level of cybersecurity
in place, but with more and more ship controls being computer operated and
navigation being conducted via electronic charting and navigation systems,
protecting these systems with proper cybersecurity measures is as essential.“It is imperative that the maritime community adapt to
changing technologies and the changing threat landscape by recognizing the need
for and implementing basic cyber hygiene measures,” the Coast Guard alert
stated.The basic recommendations included changing pre-set login credentials,
segmenting networks, installing anti-virus software and being up to date on
security patches.In addition Tim Mackey, principal security strategist CyRC
at Synopsys, said, “An up to date inventory of all software assets, including
versions, origins and update procedures, is a bare minimum operational requirement
for deployed software. This asset inventory should also include a detailed
accounting for all known weaknesses and procedures should be in place to ensure
newly disclosed weaknesses or vulnerabilities are amended to the inventory.”
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
