TVIB News Industry Press

DHS: Cybersecurity – Protecting Network Infrastructure

08/10/2017 – excerpt from August 9th post titled “Protecting Network Infrastructure”

The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.

Network infrastructure consists of interconnected devices designed to transport communications needed for data, applications, services, and multi-media. Routers and firewalls are the focus of this alert; however, many other devices exist in the network, such as switches, load-balancers, intrusion detection systems, etc. Perimeter devices, such as firewalls and intrusion detection systems, have been the traditional technologies used to secure the network, but as threats change, so must security strategies. Organizations can no longer rely on perimeter devices to protect the network from cyber intrusions; organizations must also be able to contain the impact/losses within the internal network and infrastructure.

For several years now, vulnerable network devices have been the attack-vector of choice and one of the most effective techniques for sophisticated hackers and advanced threat actors. In this environment, there has never been a greater need to improve network infrastructure security. Unlike hosts that receive significant administrative security attention and for which security tools such as anti-malware exist, network devices are often working in the background with little oversight—until network connectivity is broken or diminished.

If the network infrastructure is compromised, malicious hackers or adversaries can gain full control of the network infrastructure enabling further compromise of other types of devices and data and allowing traffic to be redirected, changed, or denied. Possibilities of manipulation include denial-of-service, data theft, or unauthorized changes to the data.

Intruders with infrastructure privilege and access can impede productivity and severely hinder re-establishing network connectivity. Even if other compromised devices are detected, tracking back to a compromised infrastructure device is often difficult.

Malicious actors with persistent access to network devices can re-attack and move laterally after they have been ejected from previously exploited hosts.

The link below contains the full text of the post and addresses their summary of six prevention measures to help system users and administrators provide a more secure and efficient network infrastructure.

Click here to read the original post by DHS in full.



NTSB Publishes Safer Seas Digest 2016

07/27/2017 – Excerpt from Press Release

The lessons learned from the investigation of 27 major, maritime accidents involving loss of life, injuries and property damage are detailed in the National Transportation Safety Board’s Safer Seas Digest 2016, released online Thursday.

The publication is a compendium of the marine accident reports that the agency adopted or issued during calendar year 2016. The 68-page Safer Seas Digest 2016 contains information that can help mariners at the deckplate level prevent future accidents, and, can help maritime industry C-suites build and sustain a culture of safety at sea.

The lessons learned in the Safer Seas Digest 2016 are highlighted in 10 categories including Standard Maintenance and Repair Procedures, Operational Testing Procedures, Operating in Strong Currents, Familiarization with Local Recommendations, Bridge Resource Management, Safety Equipment and Access to High-Risk Spaces.  The remaining three categories, Distraction, Fatigue, and Use of Medication While Operating Vessels, relate to issues on the NTSB’s Most Wanted List of Transportation Safety Improvements, highlighting the multi-modal nature of these threats to transportation safety.

“A safe maritime transportation system is critical to the vitality of the U.S. economy,” said NTSB Acting Chairman Robert Sumwalt. “According to NOAA, more than $1.5 trillion of cargo transited U.S. seaports in 2016.  Reducing the frequency and severity of maritime accidents serves the national interest and publishing the Safer Seas Digest helps reach this goal.”

The Safer Seas Digest 2016 digital version (a print version will be distributed to industry stakeholders) provides mariners with links from the digest’s case summaries to the full reports and related documents of the investigations on the NTSB’s website, giving mariners access to the complete body of work of the NTSB’s Office of Marine Safety.

The NTSB’s Office of Marine Safety investigates major marine casualties upon the navigable waters of the U.S. and accidents involving U.S. flagged vessels worldwide.

Click here to download the full report.


USCG Blog – Cyber Security and the Safety Management System


A recent post on the USCG Blog for Maritime Professionals announced the IMO resolution on cyber risk management that was approved at the 98th session of the Maritime Safety Committee.

Excerpt: “The resolution affirms that approved safety management systems should take cyber risk management into account in accordance with the objectives and requirements of the International Safety Management Code. Drawing upon the recommendations published in MSC.1/Circ.1526 Guidelines on maritime cyber risk management, the resolution also reaffirmed that existing risk management practices should be used to address the operational risks associated with the growing dependence on cyber enabled systems. Through the resolution, IMO member states are encouraged to ensure cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021. The Coast Guard will continue to work with industry partners to develop a clear and achievable path towards compliance in order to foster a resilient risk management approach towards cyber risks throughout the Marine Transportation System.”

While this resolution is specific to those operating under the International Safety Management (ISM) Code, others should take note as the trend is quickly spreading. Those participating in the Oil Companies International Marine Forum’s (OCIMF) Tanker Management and Self Assessment, Third Edition 2017 (TMSA3) will note the addition of element 13 Maritime Security. Element 13 specifically references cyber security in 13.2.3.

Click here to read the USCG blog post on Cyber Risk Management.