This article is the third in a series that the Coast Guard will be publishing in recognition of Cybersecurity Awareness Month. Now in its 18th year, Cybersecurity Awareness Month emphasizes the importance of cybersecurity and cyber risk management across all critical infrastructure, especially the Marine Transportation System (MTS).
Cybersecurity incidents are becoming an increasingly frequent occurrence and can have significant impacts, as evidenced by the recent Solar Winds incident and the attack on Colonial Pipeline.
The maritime community is not immune from cybersecurity incidents with several events resulting in reduced operations and financial losses for maritime businesses. Cyber hygiene is the first line of defense in a cyber risk management plan and involves the processes one uses to protect access to an information network.
The first step for good cyber hygiene is password management. This includes:
- changing a password frequently
- ensuring that the password is complex
- and limiting users who have administrative level access
Recent Coast Guard inspections revealed cybersecurity risks from poor cyber hygiene. Examples include:
- passwords semi-permanently attached to the equipment they are used on
- printed emails noting that a password has changed lying in plain view
- and sharing user accounts to display electronic vessel certificates or reference Safety Management System documents