Since 2017, four of the world’s biggest maritime shipping companies have been impacted by cyber-attacks, the most recent being French shipping giant CGA CMA Group, increasing the need for heavier cybersecurity measures for ships, ports, terminals, and offshore facilities.
Internationally, the threat has prompted agencies, like the International Maritime Organization, to issue new guidelines outlining worldwide shipping protocols. Domestically, the federal government has responded with new strategies and task forces to address the issue.
Just this month, the White House released the National Maritime Cybersecurity Plan (NMCP), a set of recommendations to secure the U.S. Maritime Transportation System (MTS), which operates along 25,000 miles of coastal and inland waterways in the country. The strategy discusses the recent uptick in cyberattacks at sea and provides an overview of the different challenges for securing the MTS and reducing cyber incidents at sea.
CESER understands how important it is to address cybersecurity risks at sea and in maritime transportation. In fact, 40% of all maritime traffic is comprised of energy products. Without a secure MTS, we would not be able to transport the energy products that provide a reliable flow of energy to Americans every day.
In 2020, CESER forged a partnership with the National Institute of Standards and Technology (NIST) to strengthen and update and extend DOE’s Cybersecurity Capability Maturity Model1 from the energy sector to the maritime domain. In tandem, NIST’s National Cybersecurity Center of Excellence (NCCoE) and CESER will develop an MTS NIST Cybersecurity Framework Profile and supporting implementation guide to enable energy and maritime organizations to evaluate their own cybersecurity posture. As stated in the NMCP, “Transparency and cooperation will inform a framework, that when used, and will raise adversary costs to compromise maritime systems.”
CESER is also eager to support our interagency partners as they seek to enhance information sharing capabilities and share intelligence insights with maritime stakeholders to identify even the most sophisticated attacks. At DOE, enhanced information sharing is key to identifying fast-moving cyber-attacks before adversaries can compromise critical systems. We share the NMCP’ s view that “transparency, sharing information, and intelligence, as appropriate, are keys to strengthening the integrity and resilience of the MTS.”
As CESER moves forward in its mission to secure the nation’s electric power grid and oil and natural gas infrastructure and preserve U.S. energy security, we look forward to supporting our partners as they seek to safeguard the MTS, and in turn, protect the assets that enable the American way of life.
1Created in 2012, the C2M2 is used by energy sector organizations to assess and improve cybersecurity capabilities. The C2M2 has been leveraged by hundreds of companies across critical infrastructure sectors in the U.S. and around the world.