A group of American seaports and maritime stakeholders have decided to address cybersecurity threats by launching a new non-profit, the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC).
The new organization’s objective is to promote cybersecurity information sharing throughout the maritime community. A group of leaders from seaports, shipowners and terminal operators recognized the need to improve their own cybersecurity resiliency, and since resources are limited, they realized the best approach was to work with their peers to identify, protect against, and detect cyber threats. Information sharing and analysis efforts will focus on threats to both information technology (IT) and operational technology (OT) systems, which stakeholders can use to prevent or minimize potential cyber incidents.
The MTS-ISAC’s services assist infrastructure stakeholders with compliance requirements, including the 2021 IMO cyber risk management guidelines and the recently-released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20 This NVIC states that in the Coast Guard’s view, the Maritime Transportation Security Act (MTSA) obligates regulated facilities to “identify, assess, and address the vulnerabilities of their computer systems and networks” when preparing the facility security plan.
The initial board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (JAXPORT), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.
“As the maritime sector continues to rapidly increase its reliance upon and integration of new technologies into operational capabilities, we’re seeing the need for stakeholders to pool limited cybersecurity resources to understand and manage the associated risks in effective ways,” said Scott Dickerson, the MTS-ISAC’s Executive Director. “We’re actively seeing an increase in cyber threat activity, and effective information sharing between our stakeholders has been a force multiplier for their risk management efforts. While IMO 2021 and the USCG NVIC [01-20] help provide guidance to industry, we believe effective maritime public-private partnerships will be a cornerstone for successful maritime cyber risk management efforts moving forward.”