MARITIME CYBER ASSURANCE

Internationally recognized, this research program assists industry in achieving an acceptable level of cyber awareness, safety, security, and resilience through evidence-based research. This is an industry-centric program (for maritime, by maritime) with the goal of helping to maintain operational safety at sea and in the marine terminals. Our research process includes:

Vulnerability assessments (to include penetration testing as required and applicable)
Operational impact and risk analysis
Mitigation recommendations
Aggregate database of anonymized information for use by industry stakeholder

Understanding the Risk

Vessels and marine terminals are becoming more and more IT-dependent, from equipment and software, to the next generation of IT savvy mariners, to the inherent risks of Big Data. Globally, industries are rapidly and recklessly innovating without security as a priority leading to potential high vulnerabilities and risk. Given the global economic power of the maritime industry, cyber security must be a priority.

How might my organization be vulnerable?

We see the most common vulnerabilities in the following areas: awareness, ineffective policies and procedures, few, if any, security requirements implemented for critical systems, little or no validated reporting, and lack of a risk management culture relating to cyber.

Assessments & Mitigation Recommendations

As part of this research, the USMRC Maritime Cyber Assurance Team (MCAT) conducts cybersecurity assessments of vessels and marine terminals, both domestically and internationally. We developed a NIST-based risk assessment methodology that is customized for maritime and recognized by industry.

By request of our research sponsors, USMRC now provides Maritime Cyber Assurance advisory services. This includes mitigation recommendations and developing new security requirements around automation and connected systems.

Who is on our team?

USMRC’s team is interdisciplinary and cross-functional. Our team of senior mariners, terminal operations professionals, and cyber operations professionals offers each organization unparalleled understanding of the unique threats and challenges faced when operating in the marine environment.

USMRC's Papers

The Reality of Shipboard Cyber Vulnerabilities
Building Maritime Cyber Assurance
USMRC is also a contributor to the BIMCO Guidelines on Cybersecurity Onboard Ships, and will be publishing a series of papers in maritime journals through 2017.

Other Resources

United States Coast Guard (USCG), Cyber Policy Letter
BIMCO,Guidelines for Cyber Security on Ships
United States Coast Guard (USCG), Cyber Strategy
2016 Vol 1 Surveyor an ABS Magazine, The Cyber Issue - The American Bureau of Shipping discusses cyber and big data in their recent issue of Surveyor Magazine, also featuring the USMRC Maritime Cyber Assurance research program.

Testimonials

"As co-chair of the Cybersecurity Caucus in the US Congress, I am actively engaging in day-to-day policy discussions, and I am well aware of the cyber threats our nation is facing. Protecting our nation from these threats is one of my top priorities, and I am grateful to know that USMRC is helping this cause on the maritime front."
- Congressman James R. Langevin

For help understanding your cyber threat vulnerability and to schedule an assessment, please contact USMRC’s Maritime Cyber Assurance Team at +1 (401) 849-0222 or via email at brian.holden@usmrc.org.

Where are the vulnerabilities on a vessel?

All computers on board required for navigation (Electronic Chart Display Information System/Dynamic Positioning, integrated bridge systems), satellite communications, cargo management, engineering and auxiliary power management, and ballast control are inherently vulnerable to cyber disruptions.

Where are the vulnerabilities at a marine terminal?

Computers used in cargo management systems, can control everything from valves and pipelines, to gantry crane operations, and the tracking of cargo as it moves throughout a terminal, all of which functions on a computer network.