Recently, the U.S. Coast Guard published a Marine Safety Information Bulletin (attached) regarding an incident involving a ransomware intrusion that occurred at a Maritime Transportation Security Act (MTSA) regulated facility. The virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign. The ransomware was able to gain access to significant Information Technology (IT) network files and encrypt them, preventing the facility’s access to the critical files. The virus was also able to encrypt files critical to process operations and then infiltrated the industrial control systems that monitor and control cargo transfers. The entire corporate IT network was impacted, disrupting camera and physical access control systems and causing the loss of critical process control monitoring systems. These combined effects required the company to shut down the primary operations of the facility for over 30 hours while the cyber response was conducted.
The U.S. Coast Guard states that, at a minimum, the following measures may have prevented or limited the breach and decreased the time for recovery:
- Intrusion Detection and Intrusion Prevention Systems to monitor real-time network traffic
- Industry-standard and up-to-date virus detection software
- Centralized and monitored host and server logging
- Network segmentation to prevent IT systems from accessing the Operational Technology (OT) environment
- Up-to-date IT/OT network diagrams
- Consistent backups of all critical files and software
The U.S. Coast Guard also recommends that facilities utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST Special Publication 800-82 when implementing a Cyber Risk Management Program.
Contact Greenwood Security Services to have us conduct an assessment of your cyber systems. We can also assist you with developing and implementing the recommended NIST standards.
Greenwood Security Services
An AMSYS Company
8300 Bissonnet Street, Suite 570
Houston, TX 77074