- The Washington Times - Tuesday, July 9, 2019

The U.S. Coast Guard issued a safety alert Monday after a “significant cyber incident” raised security concerns involving the computer systems used by commercial ships.

A deep draft vessel on an international voyage bound for the East Coast recently contacted the Coast Guard after experiencing problems with its onboard computer network, the agency said in the advisory.

Cybersecurity experts from agencies including the Coast Guard subsequently conducted an investigation that concluded that malicious software had “significantly degraded the functionality of the onboard computer system,” the alert said.

Although the malware did not impact the ship’s essential control systems, the lack of effective cybersecurity measures taken to secure the vessel exposed its critical systems to “significant vulnerabilities,” the Coast Guard warned.

“It is unknown whether this vessel is representative of the current state of cybersecurity aboard deep draft vessels,” the safety alert said. “However, with engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship or performing routine maintenance on traditional machinery.”

“It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures,” the Coast Guard cautioned. “Maintaining effective cybersecurity is not just an IT issue, but is rather a fundamental operational imperative in the 21st century maritime environment.”

The advisory was accompanied by several recommended cybersecurity best practices aimed at the owners and operators of commercial ships to secure their systems, including segmenting networks, limiting user access, installing basic anti-virus software, regularly installing software updates and exercising caution with respect to external media.

The advisory did not say how malware infected the particular vessel’s computer network, but it raised the possibility of it being brought onboard through an external device.

“This incident revealed that it is common practice for cargo data to be transferred at the pier, via USB drive,” the Coast Guard said. “Those USB drives were routinely plugged directly into the ship’s computers without prior scanning for malware. It is critical that any external media is scanned for malware on a standalone system before being plugged into any shipboard network.”

Both the safety alert and its included recommended best practices were touted later Monday by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA.

Sign up for Daily Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide