TVIB News MSIB-Marine Safety Information Bulletin

USCG: MSIB 04-19 Cyber Adversaries Targeting Commercial Vessels

Originally published on the Coast Guard Maritime Commons 05/28/2019

The Office of Commercial Vessel Compliance issued Marine Safety Information Bulletin 04-19, “Cyber Adversaries Targeting Commercial Vessels,” to inform the maritime industry of recent email phishing and malware intrusion attempts that targeted commercial vessels. 

Cyber adversaries are attempting to gain sensitive information including the content of an official Notice of Arrival (NOA) using email addresses that pose as an official Port State Control (PSC) authority such as: port @ pscgov.org. Additionally, the Coast Guard has received reports of malicious software designed to disrupt shipboard computer systems. Vessel masters have diligently reported suspicious activity to the Coast Guard National Response Center (NRC) in accordance with Title 33 Code of Federal Regulations (CFR) §101.305 – Reporting, enabling the Coast Guard and other federal agencies to counter cyber threats across the global maritime network. 

As a reminder, suspicious activity and breaches of security must be reported to the NRC at (800) 424- 8802. For cyber attempts/attacks that do not impact the operating condition of the vessel or result in a pollution incident, owners or operators may alternatively report to the 24/7 National Cybersecurity and Communications Integration Center (NCCIC) at (888) 282-0870 in accordance with Policy Letter 08-16, “Reporting Suspicious Activity and Breaches of Security.” When reporting to the NCCIC, it is imperative that the reporting party notify the NCCIC that the vessel is a Coast Guard regulated entity in order to satisfy 33 CFR §101.305 reporting requirements. The NCCIC will in turn forward the report to the NRC, which will then notify the cognizant Coast Guard Captain of the Port. 

The Coast Guards urges maritime stakeholders to verify the validity of the email sender prior to responding to unsolicited email messages. If there is uncertainty regarding the legitimacy of the email request, vessel representatives should try contacting the PSC authority directly by using verified contact information. Additionally, vessel owners and operators should continue to evaluate their cyber defense measures to reduce the effect of a cyber-attack. 

For more information on the NCCIC’s services, cyberrelated information, best practices, and other resources, please visit: https://www.dhs.gov/CISA. The Coast Guard applauds companies and their vessels for remaining vigilant in the identification and prompt reporting of suspicious cyber-related activities. 

Questions pertaining to this bulletin may be directed to the Office of Commercial Vessel Compliance’s Port State Control Division at PortStateControl@uscg.mil.

Click here to access the original post.

USCG: Commercial Vessel Safety during Lapse in Coast Guard Appropriations

MSIB 01-19, issued 1/23/2019 by CG-CVC, provides guidance to assist vessel owners, operators, and other affected parties during the lapse in appropriations. The MSIB covers the USCG’s plans for addressing the following items during the partial government shutdown:

  • COFRs – Certificates of Financial Responsibility
  • CODs – Certificates of Documentation (impacts on COIs)
  • MMCs – Merchant Mariner Credentials

EXCERPT – “In the absence of enacted appropriation or continuing resolution, the Coast Guard is required to execute an orderly suspension of some operations and activities. In general, the Coast Guard will continue operations authorized by law that provide for national security, or that protect life and property. However, certain administrative functions will be limited.”

Click here to download MSIB 01-19

 

USCG: D8 MSIB 18-01 USCG OCMI Contact List: Subchapter M External Notifications

11/05/2018

The USCG Eighth District published MSIB 18-01: Coast Guard Officer in Charge, Marine Inspection (OCMI) Contact List: Subchapter M External Audit Notifications

Purpose: In accordance with 46 CFR §138.500(a), the owner or managing operator of a towing vessel must notify the local OCMI at least 72 hours prior to an external audit conducted under this part. Third Party Organizations (TPOs) and towing vessel owner/operators are encouraged to use the below contacts for submitting external audit notifications. 

Click here to download USCG D8 MSIB: 18-01