Jan. 24, 2023

Coast Guard releases first update to Facility Inspector Job Aid

The Coast Guard announces the release of Facility Inspector Cyber Job Aid revision 2, in order to provide the service’s marine safety personnel, as well as regulated maritime facilities, with additional, updated guidance as they address documented cyber vulnerabilities at Maritime Transportation System Act (MTSA) Regulated Facilities. This publication provides the Coast Guard workforce with a renewed perspective and tools needed to ensure compliance with regulatory requirements.

Jan. 23, 2023

Coast Guard Releases New Maritime Cybersecurity Assessment & Annex Guide

The Coast Guard is proud to release the Maritime Cybersecurity Assessment & Annex Guide (MCAAG), which will help Maritime Transportation Security Act (MTSA)-regulated facilities and other Marine Transportation System (MTS) stakeholders address cyber risks. This voluntary guide serves as a resource for baseline cybersecurity assessments and plan development, particularly the Facility Security Assessments (FSA) and Facility Security Plans (FSP) required by MTSA. 

Nov. 8, 2022

CISA releases Cross-sector Cybersecurity Performance Goals

In October, the Cybersecurity and Infrastructure Security Agency released its Cybersecurity Performance Goals (CPGs) and metrics designed to help entities in industrial sectors improve their cybersecurity posture.  The CPGs were required by President Biden via a national security memo on improving cybersecurity for critical infrastructure control systems.  These performance goals, created in coordination between government and private industry, are based on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) and represent a “quick start guide” for organizations of all sizes to address Information Technology (IT)/Operational Technology (OT) cybersecurity.

Nov. 4, 2022

Typosquatting of port facility websites

The Marine Transportation System (MTS) continues to be targeted by typosquatting campaigns operated by cyber criminals. In March 2022, Coast Guard Cyber Command published Maritime Cyber Alert 01-22: Spoofed business websites, highlighting well-constructed fake websites masquerading as legitimate business websites to steal information and potentially install malware. Malicious cyber actors continue to spoof U.S. port facility domains using typosquatting techniques in attempts to re-direct users to malicious websites that have similar domain names. Malicious cyber actors are not directly targeting port facilities, rather, they are targeting individuals who incorrectly type a website address. Misspellings of several U.S. port facility domains have recently been registered, likely for malicious purposes.