Good morning FSOs and others,
A looming government shutdown is hanging over our heads. There is a possibility that I may not be personally available to you starting early next week. I hope that is not the case, but I wanted to send out my monthly bit of information to you just in case. October is Cybersecurity Awareness Month and I would hate to miss out on cyber evangelizing due to a shutdown. I am still guaranteed here through Friday of this week if you need me or have any pressing questions or concerns.
I want you all to know that Sector Upper Mississippi River already has a plan in place to support your emergency cybersecurity needs should you experience a breach, suspicious activity, or other network event. We have a uniformed officer designated to act as a liaison between you and our Maritime Cyber Readiness Branch / Cyber Protection Teams. There will be no changes on your end in terms of reporting. Reports to the National Response Center and/or CISA Central will continue to be taken. The Western Rivers Command Center will also still be available 24/7 to take reports at 314-269-2332.
Our Cyber Protection Teams are getting a large increase in service requests. The USCG has added a third team to help support the increased mission requests. The CPTs are noting a few common areas of improvement that could benefit all of us in the MTS:
Password policies are not adequate protection. The CPT mission specialists were able to crack about 60% of the 17,000 discovered passwords when conducting a mission. Password length was a major factor, with longer passwords being exponentially more difficult to crack.
Use Multi-Factor Authentication (MFA) for personnel logging into company assets. This does mean a slightly longer login process by about 20-30 seconds, but it can save your companies a lot of headache and stress in the long term. MFA may already be available on some of your paid business services.
Network segmentation is the final commonality. The CPT is discovering connections between operational technology (OT) and information technology (IT) networks that facilities were not aware of. Some of these connections were a result of third-party vendor access and others were on older legacy equipment that were not well documented.
The important thing is that these were discovered by a team of highly skilled professionals invited into facility networks instead of foreign actors or criminal enterprises with malicious intent. I urge all of you to share this information with your Cybersecurity/IT managers and consider utilizing the services that the CPT can provide. The findings might assist in helping you out with FEMA Port Security Grant funding.
A Multi-Agency Cybersecurity Advisory was released this morning. I urge you to read and share this with your Cyber/IT Departments. The first part of the executive summary is copied below.
The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”) are releasing this joint cybersecurity advisory (CSA) to detail activity of the People’s Republic of China (PRC)-linked cyber actors known as BlackTech. BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships for pivoting from international subsidiaries to headquarters in Japan and the U.S. — the primary targets. The authoring agencies recommend implementing the mitigations described to detect this activity and protect devices from the backdoors the BlackTech actors are leaving behind.
I hope to be at my desk next week, but rest assured that we have your back no matter what funding looks like.
Best wishes to a productive harvest transportation season,
Tyson B. Sigette
USCG Sector Upper Mississippi
Marine Transportation System Specialist (CYBER)