Ransomware and Your Cybersecurity – Preparing for the Worst while Expecting the Best

The new Coast Guard requirement to include cyber in your FSP highlights that the threat of cyber intrusion into your networks, both information technology (IT) and operational technology (OT), is ever present and growing. Here is a very recent example of a cyber incident in the maritime sector that highlights the increasing trend of ransomware being used by criminal elements.

Ransomware Attack on Swire Pacific Offshore Breaches Personnel Data (maritime-executive.com)

Not only are networks being “locked up” by ransomware actors, but data theft is occurring with more regularity in these intrusions…

“…it is believed that they were successful in taking data from Swire Pacific Offshore’s personnel files ranging from passports, payroll, banking information, and email addresses.”

This element of cyber nastiness continues to grow across all critical infrastructure sectors. With the increasing demand on the maritime sector to move commerce safely and securely, these cyber incidents have the potential to be catastrophic – remember NotPetya and its impact on Maersk, FedEx/TNT and others as just one example!

In our experience we see many clients that are trying to do the right things by thoughtfully including cyber into their FSPs, and also carrying out recommend best practices within their companies, such as

  • Forming partnerships and creating regular interaction between the FSO and the IT & OT staffs as appropriate;
  • Educating leadership about how cyber fits into the overall security planning process - especially in conjunction with physical security; and
  • Working with all parts of their organization to educate employees and raise awareness not only about the threats, but about their responsibilities to be attentive, use caution and effectively be part of the solution rather than part of the problem.

Are you following these best practices? Do you need help thinking through how to best include cyber into your plans? These best practices, and more, are integrated into the S&A FSO curriculum – we have been working hard on getting this thinking integrated into maritime security for several years. All S&A qualified FSOs bring this thinking to the table when building, reviewing, and implementing your MTSA-compliant security program.

Remember, S&A is your critical best friend when we conduct your audit or carry out your assessment and update of your FSP. We are going to absolutely stress the importance of cyber being INTEGRATED in your plan with all the other elements of good security practice!