Seebald & Associates recently posted a joint NSA-CISA cyber security advisory concerning operational technology and a Coast Guard MSIB regarding operational technologies and control systems. See previous blogs.
I’ll summarize my understanding of this advisory as follows: OT systems are increasingly accessible via the internet through the convergence of IT and OT systems. Malicious actors are increasingly able to find and exploit those systems. The advisory goes on to suggest various ways to address this threat, including network mapping and hardening, and cyber resilience and recovery plans.
While technical cyber security measures are beyond the skill of most FSOs, fostering a strong security culture across all of the organization is a key FSO responsibility. A great way to promote this is to call up your cyber security counterparts and ask them to help you understand what actions the facility would take in the event of a cyber attack.
Keep in mind that a cyber attack might be a precursor to a physical attack, so cooperation and communication between the FSO and the cyber security team are critical. Even if the Coast Guard does not change the MARSEC level, you may want to increase patrols, increase screening, and advise visiting vessels and all other facility personnel to be especially vigilant for suspicious activity. Plan all of this in cooperation with your cyber team.
You should also recognize that a cyber attack, or the response actions taken by your cyber security personnel, may impact cyber systems you rely on – from e-mail and security cameras to alarms, access control systems, and cargo control. Discuss these possibilities with your cyber security partners now, so you are prepared if and when such an attack occurs.
If you’ve never had such a discussion, much less planned a joint cyber/physical security drill or exercise, now is the time to change that. Seebald & Associates can help you prepare for all security risks, and can help you develop a Facility Security Plan that meets new Coast Guard cyber security requirements. Finally, if you have facilities regulated under CFATS, pass this along to them, and let them know that S&A also serves the CFATS community.
Seebald & Associates will be sending out a cyber security drill this week for our platinum members to assist you in building your cyber security awareness.