Coast Guard calls for ships to update their systems after malware attack

Coast Guard calls for ships to update their systems after malware attack
© Getty Images

The U.S. Coast Guard recommended on Monday that ships update their cybersecurity in the wake of a malware attack on a “deep draft vessel” in February that “significantly degraded” its computer system.

In a marine safety alert, the Coast Guard wrote that the vessel involved in the February cyber incident was inbound to the Port of New York and New Jersey during an international trip when it reported that its onboard network was being impacted by a cyber incident. 

ADVERTISEMENT

The Coast Guard responded, and after an analysis conducted alongside an “interagency team of cyber experts” concluded that while the functionality of the boat’s computer system was impacted, control systems were not. The computer system was used for managing cargo data and communicating with the Coast Guard and shore-side facilities.

The Coast Guard noted, however, that “the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities.”

While the Coast Guard wrote that the overall state of cybersecurity on ships and other vessels is “unknown,” this incident highlighted the dangers faced in a time of increasing digitization.

“With engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship or performing routine maintenance on traditional machinery,” the Coast Guard wrote. 

As a result, the agency recommended that other vessels take steps to bolster cybersecurity including segmenting networks to make it harder for malicious actors to gain access, creating network logins for every employee onboard instead of a general login, patching vulnerabilities and installing antivirus software. 

“Maintaining effective cybersecurity is not just an IT issue, but is rather a fundamental operational imperative in the 21st century maritime environment,” the Coast Guard said.