Ransomware and Your Cybersecurity – Preparing for the Worst while Expecting the Best

The new Coast Guard requirement to include cyber in your FSP highlights that the threat of cyber intrusion into your networks, both information technology (IT) and operational technology (OT), is ever present and growing. Here is a very recent example of a cyber incident in the maritime sector that highlights the increasing trend of ransomware being used by criminal elements.

Ransomware Attack on Swire Pacific Offshore Breaches Personnel Data (maritime-executive.com)

Not only are networks being “locked up” by ransomware actors, but data theft is occurring with more regularity in these intrusions…

“…it is believed that they were successful in taking data from Swire Pacific Offshore’s personnel files ranging from passports, payroll, banking information, and email addresses.”

This element of cyber nastiness continues to grow across all critical infrastructure sectors. With the increasing demand on the maritime sector to move commerce safely and securely, these cyber incidents have the potential to be catastrophic – remember NotPetya and its impact on Maersk, FedEx/TNT and others as just one example!

In our experience we see many clients that are trying to do the right things by thoughtfully including cyber into their FSPs, and also carrying out recommend best practices within their companies, such as

  • Forming partnerships and creating regular interaction between the FSO and the IT & OT staffs as appropriate;
  • Educating leadership about how cyber fits into the overall security planning process - especially in conjunction with physical security; and
  • Working with all parts of their organization to educate employees and raise awareness not only about the threats, but about their responsibilities to be attentive, use caution and effectively be part of the solution rather than part of the problem.

Are you following these best practices? Do you need help thinking through how to best include cyber into your plans? These best practices, and more, are integrated into the S&A FSO curriculum – we have been working hard on getting this thinking integrated into maritime security for several years. All S&A qualified FSOs bring this thinking to the table when building, reviewing, and implementing your MTSA-compliant security program.

Remember, S&A is your critical best friend when we conduct your audit or carry out your assessment and update of your FSP. We are going to absolutely stress the importance of cyber being INTEGRATED in your plan with all the other elements of good security practice!

How TWIC Saves Time and Money at the Airport

Recently, a Seebald & Associates auditor had to make a last minute change in travel plans to meet a client’s needs.  While already on the road, Rich had to book a flight on an airline that didn’t already have his Known Traveler Number (KTN) in their database.  The KTN is the number TSA issues to people who complete the TSA PreCheck application process, including paying the fee.    

But that KTN was on a slip of paper back at home.  Without the KTN readily at hand or access to those speedy PreCheck lanes, how would Rich avoid the long security line?

Fear not gentle reader, for Rich was equipped with the mighty TWIC, and although it is not widely known, the TWIC identification number serves as the KTN.  Rich entered his TWIC number when making his reservation, sped through security, and was on his way to the client.

So if you already have a TWIC (and if you are reading this blog, you probably do), there is no need to apply separately, and pay an additional $85 fee for PreCheck.  You already have it.  Active TWIC card holders enter their TWIC credential identification number (CIN) in the KTN field of their airline reservation or in their airline rewards profile section.  The CIN is printed on the back of each TWIC card in the lower left-hand corner.

This change has been a long time coming but is welcome all the same.  For more information see the link below:

https://www.tsa.gov/news/press/releases/2020/07/08/active-twicr-and-hme-holders-can-use-their-credentials-obtain-tsa

We recently completed a Facility Security Assessment (FSA) which included a cybersecurity assessment in which we informed the IT/OT/Cybersecurity departments at a large refinery of the new requirement to have cybersecurity as part of the facility security plan (FSP).  We also made clear that there are required notifications of any cybersecurity incidents to the Facility Security Officer (FSO), National Response Center and the local Coast Guard Captain of the Port.  Shortly after completing the FSA, this refinery in the northeast was awash in phishing email attempts that were spurred by some recent changes.  The FSO attributes his recent FSO training and the FSA process in educating all necessary parties to the cyber requirements and with ensuring all required notifications were properly made and done so in a timely fashion.  

This cybersecurity threat was noticed when the entire company received suspicious emails regarding new administrative requirements and numerous employees contacted their cybersecurity department to investigate.  The cyber team did a superb job of determining that these were phishing emails and a companywide alert was sent out to that effect.  The FSO was notified so that the required notifications could be made.  The phishing attempts failed at inserting malware onto the companies’ network because of the quick action by the facility team. 

This thwarting of a full-blown potential cybersecurity incident is a perfect example of why all MTSA regulated facilities are required to conduct a cybersecurity assessment as part of the FSA and include a cybersecurity annex in their FSP, not to mention having current cyber policies and training. 

A reminder - all MTSA regulated facilities are required to conduct a cybersecurity assessment and include a cybersecurity annex to their FSP by their audit anniversary date September 30, 2022.

Released by Coast Guard Maritime Commons Blog

Beginning on Oct 1, 2021 facility owners and operators who have not already done so should submit FSP cyber amendments or annexes to their local Captain of the Port (COTP) as part of the facility's annual audit.

 

A fitting tribute for a murdered Coast Guardsman... thank you to Sheriff Karl Leonard and all of the law enforcement in the Central Virginia area for helping recognize this Coastie's service!

Things observed  …. Good, Bad, and Ugly.

Some facts remain indisputable, regardless of your political affiliation.   One such fact is this:  We live in a fallen world.    Most days it doesn’t touch us, so we mindlessly go about our daily lives oblivious to the crime, evil, and discontent that seems to occupy every minute of our newsfeeds.     And then, there it is — in our face, front and center.     Today I will put on my service dress uniform for the first time in five years to attend the funeral of Petty Officer Caroline Schollaert, who grew up just a few miles from my hometown.   She was ruthlessly killed last week in Jacksonville by a thief caught breaking into her car.  Caroline was 27.  He was 22.  A common thief, likely looking for pocket change to buy his next fix.  The obvious irony is that Caroline’s final duty station was HITRON, the U.S. Coast Guard’s elite airborne counter-drug interdiction unit.        

I heard about the killing a week ago today from Sheriff Karl Leonard, who is a retired Coast Guard reserve officer.  I live in his county.   Caroline will be laid to rest this afternoon just up the road from us.  As a gesture of honor bestowed only to fallen military and first responders, he offered to provide a police escort for Caroline’s body when it arrived at our local Airport last Tuesday.  To that end, he requested that I reach out to my former colleagues at LANTAREA to get the arrival details.  In my mind, I envisioned a few police cars in a short motorcade, perhaps a motorcycle or two, following a black hearse.   It would be a journey of about 25 miles into the rural Virginia Countryside.   I sensed that people would pay it little mind as they saw it pass, many of them grumbling under their breath as they impatiently glance at their watches over the extra minute or two they would have to spend at an intersection.   I would be proved wrong. 

The Sheriff made a few calls and graciously picked me up at my house in a squad car on Tuesday afternoon; we immediately proceeded to the airport to wait for the Coast Guard C-27J carrying Caroline’s body.    What happened over the next two hours will forever be etched into my memory, and every Coast Guardsman who witnessed it should thank Karl Leonard for pulling this together.    The scene was this:   At the entrance to the airport were a litany of law enforcement vehicles from multiple jurisdictions, all parked in perfect formation  — facing the road, with blue lights flashing.   Everyone new something important was about to happen.     Waiting in a the parking lot were even more of them: scores of local, state, and county police vehicles from all over.   Then no less than 150 Harley Davidson’s manned by “Patriot Riders” came roaring in — among them were veterans of all military services — colors flying proudly.   In a nearby hanger, temperatures hovering in the upper 90s, was a contingent of Coast Guardsman in full Service Dress, waiting to line up and render a salute to their fallen shipmate as she was carried out of plane, proceeded by her mother, father, brother, and fiancé.    The hearse was loaded.  Few words were spoken.   People got into their vehicles and the Harley Davidsons fired to life.     

As the procession pulled out of the airport, led by flashing blue lights and motorcycles extending as far as the eye could see, the officers and firefighters staged along the way all snapped to attention and rendered salutes.    The local fire station had prepositioned a ladder truck, boom extended.   Hanging from it was a giant National Ensign — the same ensign that the other part of America now denigrates.   But not here — not today.   The state police would not let a single car pass as we creeped along at half speed, even on the four-lane highway.    Respect was due.   Respect would be rendered. 

As we started to draw near the small rural community of Powhatan, we began to see citizens lining route 60, hands over hearts, holding flags, silently honoring a mother and father who’s precious daughter lay in a flag-draped coffin in the hearse ahead.   The closer we got, the denser the crowd.     It was indeed a sight to behold.   I saw an old man solemnly holding a Coast Guard Ensign as we slowly turned into the funeral home parking lot, now overflowing with more cars and Harleys than it had likely ever held.   Then I turned to the Sheriff and said “Thank you Sir.   I will never forget this.”   He turned and said, “No, this is what we do for each other.”   

Petty Officer Schollaert’s tragic death was bad.   It was ugly.   But in it we found some real Americans who are still good, and humble, and God fearing.”    No riots, no fires, no looting.   Just grief.

“Blessed are those who mourn, for they shall be comforted.”   — Matthew 5:4

W. D. Lee

VADM, USCG (ret)