The topic of cyber threat intelligence (CTI) occupies roughly a third of the NMCP. It also generates a significant divergence of opinion among maritime cybersecurity experts.
Carter, who also serves on the Board of Directors for the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC), says that relationships he has established with members of the MTS-ISAC community, along with the contacts he was able to establish at DEF CON Hack the Sea, have become invaluable, and that they are finding successes working with each other.
“We are now seeing localized information exchanges launch that feeds into the larger MTS-ISAC, which will only better protect the maritime sector. I have personally shared half-million elements over five years,” he noted.
Dr. Kessler, on the other hand, says that there’s a need for better and more uniform information sharing of cyber intelligence.
“The ISAC/ISAO model is wonderful if you’re a member. In the late 1990s, the ISACs freely shared information. Today, the model is that you have to pay to be a member. I fully understand that the ISCAs need to be funded but the entire maritime transportation system is at risk, and that includes small operators, small manufacturers, and so on,” he added.
In a section on “Information and Intelligence Sharing”, the NMCP recognizes that “organizations such as Information Sharing and Analysis Centers provide a pathway to share information across the private and public sector coordinating Councils.” It also points out, however, that “multiple private sector entities claim to be the information-sharing clearinghouse for MTS stakeholders. Overlapping membership across cybersecurity information sharing organizations creates barriers to efficiently inform MTS stakeholders of maritime cybersecurity best practices or threats.”
An additional consideration is that not all organizations in the sector are at a sufficient state of cybersecurity maturity to leverage access to CTI. Organizations that do not have adequate understanding of their environment or capabilities to monitor their network and respond to events when they are detected are unlikely to benefit from access to third-party intelligence products. Those limited resources may be better dedicated to basic cybersecurity hygiene and workforce development.