The U.S. Coast Guard has issued a Marine Safety Bulletin warning that commercial vessels are being targeted by email phishing and malware intrusion attacks.
Cyber adversaries are attempting to gain sensitive information including the content of an official Notice of Arrival (NOA) using email addresses that pose as an official Port State Control (PSC) authority such as “port @ pscgov.org.”
The Coast Guard has also received reports of malicious software designed to disrupt shipboard computer systems. Vessel masters have diligently reported suspicious activity to the Coast Guard National Response Center (NRC) enabling the Coast Guard and other federal agencies to counter cyber threats across the global maritime network.
As a reminder, says the bulletin, suspicious activity and breaches of security must be reported to the NRC at (800) 424-8802. For cyber attempts/attacks that do not impact the operating condition of the vessel or result in a pollution incident, owners or operators may alternatively report to the 24/7 National Cybersecurity and Communications Integration Center (NCCIC) at (888) 282-0870 in accordance with CG-5P Policy Letter 08-16, “Reporting Suspicious Activity and Breaches of Security.” When reporting to the NCCIC, it is imperative that the reporting party notify the NCCIC that the vessel is a Coast Guard regulated entity in order to satisfy 33 CFR §101.305 reporting requirements.