MARITIME CYBER ASSURANCE
Internationally recognized, this research program assists industry in achieving an acceptable level of cyber awareness, safety, security, and resilience through evidence-based research. This is an industry-centric program (for maritime, by maritime) with the goal of helping to maintain operational safety at sea and in the marine terminals. Our research process includes:
​
-
Vulnerability assessments (to include penetration testing as required and applicable)
-
Operational impact and risk analysis
-
Mitigation recommendations
-
Aggregate database of anonymized information for use by industry stakeholder
​
Understanding the Risk
Vessels and marine terminals are becoming more and more IT-dependent, from equipment and software, to the next generation of IT savvy mariners, to the inherent risks of Big Data. Globally, industries are rapidly and recklessly innovating without security as a priority leading to potential high vulnerabilities and risk. Given the global economic power of the maritime industry, cyber security must be a priority.
How might my organization be vulnerable?
We see the most common vulnerabilities in the following areas: awareness, ineffective policies and procedures, few, if any, security requirements implemented for critical systems, little or no validated reporting, and lack of a risk management culture relating to cyber.
​
Assessments & Mitigation Recommendations
As part of this research, the USMRC Maritime Cyber Assurance Team (MCAT) conducts cybersecurity assessments of vessels and marine terminals, both domestically and internationally. We developed a NIST-based risk assessment methodology that is customized for maritime and recognized by industry.
​
By request of our research sponsors, USMRC now provides Maritime Cyber Assurance advisory services. This includes mitigation recommendations and developing new security requirements around automation and connected systems.
​
Who is on our team?
USMRC’s team is interdisciplinary and cross-functional. Our team of senior mariners, terminal operations professionals, and cyber operations professionals offers each organization unparalleled understanding of the unique threats and challenges faced when operating in the marine environment.
​
USMRC's Papers
​
-
USMRC is also a contributor to the BIMCO Guidelines on Cybersecurity Onboard Ships, and will be publishing a series of papers in maritime journals through 2017.
​
Other Resources
​
-
United States Coast Guard (USCG), Cyber Policy Letter
-
United States Coast Guard (USCG), Cyber Strategy
-
2016 Vol 1 Surveyor an ABS Magazine, The Cyber Issue - The American Bureau of Shipping discusses cyber and big data in their recent issue of Surveyor Magazine, also featuring the USMRC Maritime Cyber Assurance research program.
Testimonials
"As co-chair of the Cybersecurity Caucus in the US Congress, I am actively engaging in day-to-day policy discussions, and I am well aware of the cyber threats our nation is facing. Protecting our nation from these threats is one of my top priorities, and I am grateful to know that USMRC is helping this cause on the maritime front."
- Congressman James R. Langevin
​
For help understanding your cyber threat vulnerability and to schedule an assessment, please contact USMRC’s Maritime Cyber Assurance Team at +1 (401) 849-0222 or via email at brian.holden@usmrc.org.
Where are the vulnerabilities on a vessel?
All computers on board required for navigation (Electronic Chart Display Information System/Dynamic Positioning, integrated bridge systems), satellite communications, cargo management, engineering and auxiliary power management, and ballast control are inherently vulnerable to cyber disruptions.
Where are the vulnerabilities at a marine terminal?
Computers used in cargo management systems, can control everything from valves and pipelines, to gantry crane operations, and the tracking of cargo as it moves throughout a terminal, all of which functions on a computer network.
