Category Archives: MTSA

Cyberattack Impacts MTSA Facility Operations

Recently the U.S. Coast Guard published a Marine Safety Information Bulletin (attached) regarding an incident involving a ransomware intrusion that occurred at a Maritime Transportation Security Act (MTSA) regulated facility. The virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign. The ransomware was able to gain access to significant Information Technology (IT) network files and encrypt them, preventing the facility’s access to the critical files. The virus was also able to encrypt files critical to process operations and then infiltrated the industrial control systems that monitor and control cargo transfers. The entire corporate IT network was impacted, disrupting camera and physical access control systems, and loss of critical process control monitoring systems. These combined effects required the company to shut down the primary operations of the facility for over 30 hours while the cyber response was conducted.

The U.S. Coast Guard states that at a minimum, the following measures may have prevented or limited the breach and decreased the time for recovery:

  • Intrusion Detection and Intrusion Prevention Systems to monitor real-time network traffic
  • Industry standard and up to date virus detection software
  • Centralized and monitored host and server logging
  • Network segmentation to prevent IT systems from accessing the Operational Technology (OT) environment
  • Up-to-date IT/OT network diagrams
  • Consistent backups of all critical files and software

The U.S. Coast Guard also recommends that facilities utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST Special Publication 800-82 when implementing a Cyber Risk Management Program.

Contact Greenwood Security Services to have us conduct an assessment of your cyber systems. We can also assist you with developing and implementing the recommended NIST standards.

Greenwood Security Services

An AMSYS Company
8300 Bissonnet Street, Suite 570
Houston, TX 77074

jon@greenwoodsecurity.com

SEAFARERS ACCESS TO MARITIME FACILITIES

On April 1, 2019, the USCG issued a final rule, “Seafarers Access to Maritime Facilities” requiring owners or operators of a maritime facility regulated by the Maritime Transportation Security Act (MTSA) to implement a system providing seafarers, pilots, and representatives of seamen’s welfare and labor organizations access between vessels moored at the facility and the facility gate. Access between the vessel and the gate has to be provided in a timely manner and at no cost to the seafarer or other individuals.

These access procedures must be documented in the Facility Security Plan (FSP) for each regulated Part 105 facility and approved by the local Captain of the Port (COTP). Facility owners or operators will need to amend or update their FSP to ensure that they are in compliance with these requirements. The COTP will then review the submitted amendments to ensure they are in compliance with the requirements listed in 33CFR105.237 (c)-(e).

Important dates associated with the regulation:

  • May 1, 2019 – Seafarers’ Access to Maritime Facilities regulation became effective;
  • February 3, 2020 – The system of access must be documented in the FSP; and,
  • June 1, 2020 – The facility owner or operator must implement their system of access.

33CFR105.237 (c)-(e) Requirements:

(c) Timely access

(d) Access methods

(e) No cost to individuals

Port Security Grant-Themed Malicious Email (TLP-GREEN)

MPS-ISAO Warning Report, “Malicious Port Security Grant-Themed Email“.  The MPS-ISAO received an email sample from a U.S. Port customer this morning, and have confirmed that it is malicious.  The distribution list for this port security grant-themed email was over 500.  Please click here to see the report for email indicators.

Thanks Lester Millet for the report.

Lester J. Millet III, LEM
Safety Agency Risk Manager / FSO Workgroup Chairman
Port of South Louisiana

DHS OIG Review of the USCG Oversight of the TWIC Program

The Department of Homeland Security’s Office of Inspector General performed a review of the USCG oversight of the TWIC program and found that the USCG “does not have a full understanding of the extent to which the TWIC program address security risks in the maritime environment”.

Report Findings:

  • DHS did not complete the mandated TWIC Program assessment
  • USCG needs to clarify TWIC Reader requirements for industry
  • USCG needs to improve TWIC card verification process
    • USCG completed 33,800 TWIC verifications, but only used electronic TWIC readers to verify just 2,425 cards, or 1 in 15 cards
  • USCG needs to strengthen oversight guidance on TWIC program

The report also lists four recommendation for DHS and the USCG:

  • DHS Under Secretary of Science and Technology complete the TWIC program assessment required by Public Law 114-278 to evaluate the security value of the TWIC program.
  • The USCG’s Assistant Commandant for Prevention Policy take action to more clearly define the applicable facilities that have certain dangerous cargo in bulk and which must implement the use of electronic TWIC readers as an access control measure.
  • The USCG’s Assistant Commandant for Prevention Policy improve the Coast Guard’s use of electronic TWIC card readers during annual inspections at regulated facilities by procuring new TWIC card readers.
  • The USCG’s Assistant Commandant for Prevention Policy revise and strengthen the Coast Guard TWIC Verification and Enforcement Guide.

DHS concurred with all four of the recommendations and stated that the Homeland Security Operational Analysis Center is currently conducting an assessment of the TWIC program. The estimated completion date for the DHS assessment is March 30, 2020.

To download a copy of the full report, click here.

TSA Begins Issuing New TWIC Cards

The Transportation Security Administration (TSA) began issuing the new TWIC NexGen cards on July 10, 2018. The new cards incorporate enhanced security features (click here to read more).

Details about the new TWIC NexGen card:

  • Current TWIC card holders do not need to replace a valid TWIC card with the new TWIC card design.
  • Regulated entities that require TWIC for access will accept and recognize both the current and new TWIC designs until the card’s expiration.
  • The new card design is compatible with qualified TWIC readers.
  • To deter alteration of the card’s expiration date, the new card includes a color-coded expiration date box that will update on an annual basis.
  • The fee for the newly re-designed TWIC card remains unchanged ($125.25) and the credential is valid for five years.

Click here to read more about the TWIC NexGen cards.

Click here for a TWIC NexGen Authentication Guide

New Coast Guard Facility Inspection Form

Effective immediately, USCG facility inspectors are going to start using a new form for facility inspections. The new form, CG-835F, replaces CG-Form 835, “Vessel/Facility Inspection Requirements”. CG-835F is specifically formatted for facility inspections. There are no major changes to the new form or the information collected during the inspection.

Facility owners and operators may start seeing Coast Guard facility inspectors using the new form immediately, but some inspectors may still use the older CG-835 form during the transition.

Click here for a link to the new CG-385F form.

TWIC Reader Delay for Certain Facilities

The Coast Guard has proposed to delay the effective date for implementation of TWIC Readers for certain facilities. The proposed delay is for two categories of facilities:

  • Facilities that handle certain dangerous cargoes in bulk, but do not transfer these cargoes to or from a vessel, and;
  • Facilities that receive vessels carrying certain dangerous cargoes in bulk, but do not, during that vessel-to-facility interface, transfer these bulk cargoes to or from those vessels.

The Coast Guard proposes delaying the effective date for these two categories of facilities by 3 years, until August 23, 2021.

Other vessels and facilities, including facilities that receive large passenger vessels and facilities regulated under 33 CFR 105.295 that handle certain dangerous cargoes in bulk and transfer it to or from a vessel, would be required to comply with the final rule by August 23, 2018.

Click here for the Notice of Proposed Rulemaking.

Click here and here for additional information regarding the TWIC Reader Rule.

2018 Port Security Grant Program Posted

Yesterday, the Department of Homeland Security and FEMA posted the 2018 Port Security Grant Notice of Funding Opportunity (NOFO).  Federal allocation this year is $100 million, more than last year.  However, for private, for profit companies, the federal match is 50/50 vs the 25%/75% if last year.  Which means, that if a recipient applies for $100,000 in funding for an appropriate security project, DHS will award $50,000 and the company receiving the award will need to provide $50,000 in matching funds.

That may make the grants program less attractive for many companies; however, it is logical that fewer will apply, so the chances of winning an award may be better than last year.

The deadline for filing applications is June 20th – we have less than 30 days.

In the last few years, Don Greenwood & Associates Inc. has help clients write and submit ten grant applications and have won awards for eight of the ten, including the largest award given to a private company in 2016 – just under $1 million dollars.  Writing successful grant applications depends on the consultant’s ability to draft a persuasive argument that the facility in question needs the award to support the goals of the larger community, the Area Maritime Committee, as well as the submitting company and port facility.

Contact us at 281-435-2339 or don@greenwoodsecurity.com for more information.

TWIC NexGen Card

TSA plans to implement a new TWIC card, TWIC NexGen, in fiscal year 2018.

The TWIC NexGen updates are focused on enhancing the card functionality, new security features of the card, changes to the Technology Infrastructure Modernization (TIM) system.

Click here for TWIC Authentication Features.

TWIC Authentication & Identification

Based on the requirements of each facility/vessel and specific threat levels, TWIC is designed to be used in various Access Control Systems at different levels of security.

  • Static Identification –
    • Proximity card – Contact or Contactless Card Reader
    • Identify card using Cardholder Unique Identifier (CHUID).
      • Federal Agency Smart Credential Number (FASC-N) may be checked against the TWIC Canceled Card List (CCL).
  • Crytographic Authentication
    • TWIC PIN authentication
    • No biometric authentication
  • Biometric Identification
    • Biometric authentication
    • No card authentication
  • Combined Authentication – 2 Factor Authentication
    • Biometric authentication
    • Card authentication
    • FASC-N verified against CCL

USCG/TSA is also currently developing a mobile app to verify TWIC cards. The app will be capable of verifying the Credential Identification Number (CIN) printed on the TWIC against the CCL.

Status of TWIC Reader Final Rule

The status of TWIC Final Reader Ruling was brought up at the recent AMSC meeting held on January 10, 2018, at the St. Charles EOC, by several members of the maritime community. The concern was referencing information being circulated, verbally, in the maritime community that this ruling was being delayed or changed. We advised the maritime community members that the Coast Guard would research the TWIC Final Reader Ruling from August 23, 2016 to determine it’s true status and effective date.

Coast Guard Sector New Orleans Facility Division contacted Coast Guard Headquarters to obtain the most up to date information on this ruling which is listed below.

CG Headquarters (CG-FAC) continues to work with DHS to address concerns with the TWIC Reader Rule that were detailed in the petition filed under Docket # USCG-2017-0447-0003. Options being considered to clarify/correct the reader rule are: Delay of the current TWIC Reader Rule, a reader rule amendment, a new regulation, and clarification through policy. Each option requires time to process, review, approve, gain clearance, and finally publish. Once a way forward is determined and approved, the Coast Guard anticipates to respond to the petition at that time.

Note; if no change to the rule is made and the rule is implemented on Aug 23, 2018, Coast Guard will evaluate each facility to which the rule applies and will work with each facility operator to ensure implementation while striving to minimize impact to the facility.

Thanks Lester J. Millet (MSOC Port of South Louisiana) and Mike Sawyer (USCG Sector N.O./Port Security Specialist) for this update.