Security News > 2021 > January > U.S. Releases Cybersecurity Plan for Maritime Sector
The National Maritime Cybersecurity Plan, which was made public on Tuesday, highlights several priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.
At a high level, the plan sets out priorities and goals around the establishment of global standards to define maritime threats, beefing up threat intel and information sharing, and increasing the cybersecurity workforce in the maritime sector.
"The proliferation of IT across the maritime sector is introducing previously unknown risks, as evidenced by the June 2017 NotPetya cyber-attack, which crippled the global maritime industry for more than a few days," the White House said.
Because no single entity owns, controls, manages, or regulates businesses or networks used throughout the maritime domain, the plan calls for the NSC staff to identify gaps in legal authorities and identify efficiencies to de-conflict roles and responsibilities for MTS cybersecurity standards.
The plan's other priorities include developing risk modeling to inform maritime cybersecurity standards and best practices; strengthening cybersecurity requirements in port services contracts and leasing; and improve the level of information sharing between the U.S. government and the private sector.
"Coupling these highly vulnerable OT maritime environments with a severe lack of expertise in OT security," Geyer continued, "Creates the potential for massive risk to critical infrastructure. What strikes me as very important about the National Maritime Cybersecurity Plan is the purposeful focus on ensuring risk mitigation to the critical ships and port systems, and the focus on developing expertise and career paths for maritime cybersecurity."