When to report a cyber incident.

On February 21, 2024, the Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States amended 33 CFR Part 6. Among other provisions, it added a definition for “cyber incident” and created a requirement to report evidence of an actual or threatened cyber incident involving or endangering any vessel, harbor, port, or waterfront facility to the Coast Guard, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA). The broad applicability of 33 CFR Part 6 and the new definition of a cyber incident created an overlap with existing MTSA reporting requirements. NVIC 02-24 provides clarification on the reporting requirements identified in 33 CFR Part 101 and 33 CFR Part 6.

• NVIC 02-24 - REPORTING BREACHES OF SECURITY, SUSPICIOUS ACTIVITY, TRANSPORTATION SECURITY INCIDENTS, AND CYBER INCIDENTS
• Executive Order - Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States.
• National Response Center - All incidents required to be reported based on the above guidance should be reported to the National Response Center by calling 1-800-424-8802

Have a question? Here is a list of your CG Cyber Contacts.

The Coast Guard has published a Notice of Proposed Rulemaking in the Federal Register related to proposed updates to cybersecurity requirements for MTSA-regulated U.S. flagged vessels, Outer Continental Shelf facilities, and U.S. facilities. Individuals are encouraged to submit questions and comments to the Federal Register for consideration.

• Navigation and Vessel Inspection Circular (NVIC) No. 01-20 - NVIC 01-20 provides guidance to facility owners and operators in complying with the requirements to assess, document, and address computer system or network vulnerabilities.
• Maritime Cybersecurity Assessment and Annex Guide (MCAAG) - This document provides a recommended, yet voluntary, process for identifying and describing cybersecurity vulnerabilities in the context of a Facility Security Assessment. It provides a format for creating a cyber annex addition to the Facility Security Plan, which can be used by the Facility Security Officer in close collaboration with the facility’s cybersecurity, information technology and/or operational technology staff.
• Maritime Transportation Security Specialists - Cyber (MTSS-C) - MTSS-C's serve the Captain of the Port (COTP) and other Coast Guard personnel as an advisor, liaison to various stakeholders and help to plan and coordinate exercise and facilitate information sharing. MTSS-C's are located at Coast Guard Headquarters, LANT and PAC Area commands, all nine Coast Guard District Offices as well as all Sector Commands.
• Facility Inspector - Cyber Job Aid Rev. 2 - This job aid provides information meant to assist facility inspectors in applying the cyber guidance and regulations when conducting facility inspections and review cyber components of a Facility Security Assessment (FSA) and Facility Security Plan (FSP).
• Coast Guard Office of Port & Facility Compliance (CG-FAC) - CG-FAC aims to provide clear and timely regulations, policy, and direction to Coast Guard Operational Commanders and other maritime stakeholders to achieve maritime safety, maritime security and environmental stewardship.
• Maritime Security Communications with Industry (MSCI) Advisory 2023-009 - Worldwide Foreign Adversarial Technological, Physical, and Cyber Influence - This Advisory seeks to alert maritime stakeholders of potential vulnerabilities to maritime port equipment, networks, operating systems, software, and infrastructure.

• USCG Homeport  - Homeport is the United States Coast Guard's enterprise internet portal for the Maritime Community. It was initially designed to support the secure information sharing requirements resulting from the Maritime Transportation Security Act of 2002 (MTSA) and to provide information about the USCG's primary missions.
• USCG Navigation Center - The Navigation Center is the Coast Guard's center of excellence for systems and policy related to electronic positioning, navigation, and timing. This includes radio navigation, electronic charting, and vessel identification and tracking.
• USCG Office of Bridge Programs - Administers the various bridge statutes, environmental laws of the United States, pertinent regulations and policies in a timely, courteous, responsive and professional manner. This mission will contribute to the development of a safer, more efficient and convenient marine and land transportation system that will effectively utilize and conserve the nation's resources in a cost efficient manner, while providing for the well-being, general safety, security, and interests of the citizens of the United States.

Have a question? Here is a list of your CG Cyber Contacts.

• MSIB 04-19 Cyber Adversaries Targeting Commercial Vessels
• MSIB 10-19 Cyberattack Impacts MTSA Facility Operations
• MSIB 19-20 Malicious Email Spoofing Incidents
• MSIB 25-20 Urgent Notice: Active Exploitation of Popular Network Management Software Solarwinds
• MSIB 03-21 Continued Awareness: Active Exploitation of Solarwinds Software
• MSIB 02-22 Cybersecurity Awareness & Action

• CISA Cybersecurity Advisory - People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection.
• CISA Cybersecurity Performance Goals - CISA's Cybersecurity Performance Goals are a prioritized subset of information technology (IT) and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.
• CISA Cyber Incident Reporting - CISA's reporting home page gives the resources to report an incident, vulnerabilities, phishing attempts, and find general reporting information.
• DHS/CISA CyberSentry program - The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has developed the voluntary CyberSentry program to enhance the cyber resilience of organizations that own or operate critical infrastructure. CyberSentry uses sensors to monitor the Information Technology and Operational Technology networks of a participating Critical Infrastructure (CI) partner for cybersecurity threats.
• CISA Industrial Control Systems Security Offerings - CISA works with their partners to defend against today's threats and collaborating with industry to build more secure and resilient infrastructure for the future. To support the industrial control system (ICS) community's cyber risk management efforts, CISA offers a wide range of products, services, and capabilities. This fact sheet provides information a few of the tools CISA offers, including The Cyber Security Evalution Tool, The Control Environment Laboratory Resource, CyberSentry, and Malcolm.
• CISA's Known Exploited Vulnerabilities Catalog - CISA's  Common Vulnerabilities and Exposures (CVEs) catalog. The CVE Program is sponsored by CISA and operated by The MITRE Corporation. The program identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities. 
• CISA's Detection and Prevention of Cyber Attacks - CISA detection and prevention programs rapidly notifies relevant critical infrastructure stakeholders of elevated risk exposure, conducts incident management operations, provides vulnerability assessments, and directly deploys risk management information, tools, and technical services to mitigate risk, including regulatory enforcement where authorized.
• CISA SHIELDS UP - This program provides guidance for all organizations, regardless of size, to help adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
• General Cybersecurity Resources - CISA provides cybersecurity resources to organizations ranging from the Federal Government, State/Territorial/Tribal/Local Government, Academia, and small business. 
• CISA Central - CISA Central is CISA’s hub for staying on top of threats and emerging risks to our nation’s critical infrastructure, whether they’re of cyber, communications or physical origin.
• Information Sharing and Awareness - Information sharing is essential to protecting critical infrastructure and to furthering cybersecurity for the nation. CISA has provided a list of information sharing and awareness resources.
• Remote Monitoring and Management Cyber Defense Plan - This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat actors can gain footholds via RMM software into managed service providers (MSPs) or manage security service providers (MSSPs) servers and, by extension, can cause cascading impacts for the small and medium-sized organizations that are MSP/MSSP customers.

• IMO MSC Resolution.428(98) Maritime Cyber Risk Management in Safety Management Systems - The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the International Safety Management (ISM) Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021..
• IMO MSC-FAL.1/Circ.3/Rev2 Guidelines on Maritime Cyber Risk Management  - The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities and include functional elements that support effective cyber risk management. The recommendations can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by International Maritime Organization.
• CVC-WI-027(2) Vessel Cyber Risk Management Work Instruction - This work instruction provides guidance to Coast Guard Marine Inspectors and Port State Control Officers for assessing cyber hygiene onboard applicable vessels, as well as compliance options if deficiencies are noted. Guidance is also provided for ship owners/managers on reporting requirements if a cybersecurity events, incidents, or casualties.
• Maritime Security Communications with Industry (MSCI) Advisory 2023-005 Various GPS Interferences & AIS Spoofing - This MSCI advisory covers recent instances of significant GPS interference and AIS spoofing being reported worldwide in the maritime domain.

• The Maritime Cyber Readiness Branch (MCRB) - a cross functional team of maritime operations and cybersecurity professionals that supports maritime cyber incident response activities and facilitates cyber threat information sharing. They also provide subject matter expertise within the coast guard and for industry partners.
• CG Cyber Protection Team - the Coast Guard’s deployable unit responsible for offering cybersecurity services to the Marine Transportation System (MTS). The Cyber Protection Team (CPT) consists of three teams of active duty Coast Guard cybersecurity professionals who are trained and certified in delivering the four core CPT services: Assess, Hunt, Clear and Harden

Have a question? Here is a list of your CG Cyber Contacts.

• 2023 Cyber Trends and Insights in the Marine Environment (CTIME)  - This report aims to provide Coast Guard units and their port partners with relevant information to identify and address cyber risks. The Coast Guard recognizes the criticality of the marine environment and its inclusion in the wide range of other critical infrastructure sectors that operate within the marine environment.
• CGCYBER Resources - Coast Guard Cyber Command's (CGCYBER) Role, Leadership, and Departments
• Joint Cybersecurity Advisory - 2021 Top Routinely Exploited Vulnerabilities
• CG Domestic Ports Division - Cyber Security Information
• Joint Cybersecurity Advisory - People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

• MTS-ISAC - Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.
• IT-ISAC - Information Technology Information Sharing And Analysis Center is an organization who aims to use a collaborative effort to minimize threats, manage risk, and respond to cyber incidents.
• MS-ISAC - Multi-State Information Sharing and Analysis Center (MS-ISAC) is an organization whose mission is to improve the overall cybersecurity posture of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through coordination, collaboration, cooperation, and increased communication.
• ONG-ISAC - Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) serves as a central point of coordination and communication to aid in the protection of exploration and production, transportation, refining, and delivery systems of the ONG industry, through the analysis and sharing of trusted and timely cyber threat information.

• Find Your Local AMSC
• About AMSCs 

• NIST - Cybersecurity Framework - The National Institute of Science and Technology framework for Improving Critical Infrastructure Cybersecurity
• FBI - Industry and Government Partnership - The FBI’s cyber mission is to impose risk and consequences on cyber adversaries through their unique authorities and world-class investigative capabilities.
• FBI - IC3 - Internet Crime Complaint Center (IC3) is the FBI's hub for collecting reports related to cyber crime.
• International Maritime Organization (IMO) - IMO Guidance on maritime cyber risk.
• HSI Cyber Crime Center - Homeland Security Investigations (HSI) Cyber Crimes Center (C3) supports HSI's mission through the programmatic oversight and coordination of investigations of cyber-related criminal activity, and provides a range of forensic, intelligence and investigative support services across the HSI programmatic areas.
• Maritime Administration - Office of Maritime Security - Maritime Cyber Security represents another area of focus for the Maritime Administration (MARAD). The Office of Maritime Security works with the Department of Homeland Security (DHS) and others to share cyber security resources and best practices with the U.S. maritime industry and shares maritime industry’s cyber security concerns with appropriate government agencies.