b'N ot unlike other business sectors, the maritime industry hasThe passenger vessel sector has three primary areas where vulnerabilities seen significant changes during the past few years with thecan occur:growing reliance on technology and the use of the cloud. This dependence on the cloud, without the right protections in place, E-commerce can sometimes lead to vulnerabilities that hinder operations, leave Critical navigation systems companies open to cyberattacks, and increase the exposure of private Communications customer information.Enhancing the customer experience through the ease of e-ticketing sys-Keeping critical infrastructure and transportation systems safe and se- tems, onboard point-of-sale systems, and online sales of products are all cure is one of the key functions of the nations newest federal agency, thegreat ways to grow business. However, they are also points of entry for a Cybersecurity and Infrastructure Security Agency (CISA). CISA workscyberattack and, if not properly protected, can expose your business and with partners, including federal partners such as the U.S. Coast Guard,your customers private information.to defend against todays threats by collaborating with industry to build more secure and resilient infrastructure.More importantly, the navigation systems and engineering systems used aboard vessels today rely heavily on automation and satellite uplinks to In my role with CISA, we assess technology threats all the time. Butdetermine location. Any one of these systems, if attacked, could cause in my time as a U.S. sailor, spending five years on a naval ship work- significant harm to your vessel and your passengers.ing on secure communications, it became increasingly evident howLastly,communicationsystemsare important safeguarding our tech- yourcriticallinktoothervesselson nology is to ensure safe passage. With the convergence the water and to land-based operation centers. Any disruption to these vital With the convergence of informa- of information technologysystems can lead to potential disasters. tiontechnology(IT)andopera-tional technology (OT), maritimeand operationalBut the impact of having a vulnerabil-systems design and engineering areity exposed doesnt stop there. Think becomingmoreautomatedandtechnology, maritimeabout ordering supplies for your fleet, dependentoninterconnections.parts for repairs, and payments to your Everythingisconnectedthroughsystems design andstaff. If your IT systems are down, you multiple mediums from satellite toengineering are becomingare, pardon the phrase, stuck up the bluetooth and more. creek without a paddle. There has been more automatedan increase in business email compro-The joining of IT and OT tech- mise (BEC) scams. This is where legit-nologiesisimportant,butsoisand dependent onimate email traffic is intercepted and bringingtogetherthestaffsup- rerouted to other fake accounts where porting each side of the technolo- interconnections. your funds can be accessed.gy. The IT and OT teams need to understand each others challeng- Spending over 25 years in the military es and ultimate missions. This canand within the Department of Defense only improve how your systems will run and by implementing some(DOD) doing hundreds of security assessments, it seems impossible that small changes you can successfully secure your operation and still besmall things matter, but they really do. No matter how many times you fully functional. hear dont share logins and passwords it happenswe find usernames and passwords on an engineering workstation or screensavers disabled The cyber threats are many including GPS spoofing, which uses unen- when not being monitored.crypted communications paths to cause a disruption in your systems. A compromised device being brought onboard and connected to the mainEducating all your staff through cybersecurity awareness and training, ship network could potentially infect other devices including engineer- investigating abnormalities on the network, or knowing who to call ing monitoring systems.when there seems to be a glitch in the system are all positive steps toward enhancing your overall security.Our CISA cybersecurity advisors across the country are seeing adver-saries increasingly gaining access through a variety of means includingKeeping your operations and your customers information safe is also legacy operating systems, phishing emails, or by identifying passwordsparamount and CISA has some suggestions to help ensure your compa-PHOTO: MARKUS SPISKE / UNSPLASHreused from other systems. A lot of these threats can be combated withny is operating as safely as possible.cybersecurity awareness and training, as well as the implementation of a cybersecurity action plan. The passenger vessel industry is no stranger toCISA recommends all organizations, regardless of size, adopt a height-recent cyberattacks and, as the industry continues to rely on automationened posture when it comes to cybersecurity and protecting their most through technology and access to the internet for operations increases,critical assets. Recognizing that many organizations find it challeng-the need only grows to protect those systems. ing to identify resources for urgent security improvements, CISA has 17 AUGUST 2022'