
Mariners Warned to Watch for Third-Party Impacts from SolarWinds Hack

A Marine Safety Information Bulletin issued this month cautions the maritime industry that even if they haven’t used SolarWinds Orion they might still be hurt by the continued exploitation of the software.

In December, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive “in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors,” calling on “all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

Through breaching the SolarWinds Orion products, an attacker was able “to gain access to network traffic management systems,” the directive said, stressing that “disconnecting affected devices… is the only known mitigation measure currently available.” About 18,000 entities downloaded the malicious update.

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger told reporters last week that the investigation continues but nine federal agencies are known to have been compromised along with “about 100 private sector companies,” mostly in the technology sector — “including networks of companies whose products could be used to launch additional intrusions.”

The MSIB says that the Coast Guard “continues to monitor the maritime impact from the ongoing Advanced Persistent Threat (APT) cyber incident,” which “will require a sustained and dedicated effort to remediate.”

“Even if you do not own SolarWinds Orion, you may be impacted as your third-party networks, services, and vendors may use SolarWinds Orion,” the bulletin continues. “It is critical that the Coast Guard understands the potential risks of this APT actor on marine transportation system networks and supply chain connections. Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security.”

Any owner or operator of a Maritime Transportation Security Act (MTSA)-regulated facility or vessel utilizing SolarWinds software to support a critical security function is asked to report a security breach if they have downloaded the trojanized SolarWinds Orion plug-in or “note any system with a critical security function displaying any signs of compromise, including those that may have not originated from the SolarWinds Orion compromise but utilize similar TTPs.”

Recommended open-source tools — including Sparrow, developed by CISA — can help detect and respond to potential breaches from the SolarWinds hack.

“Any potential threat to the physical security or cybersecurity of your vessel or facility should be taken seriously,” the bulletin states, adding that breaches or suspicious activity should be reported to the National Response Center at 1-800-424-8802.

The USCG Office of Commercial Vessel Compliance also updated the Vessel Cyber Risk Management Work Instruction on Feb. 18 to include a compliance timeline for Non Safety Management System vessels that are subject to the Marine Transportation Safety Act of 2002. These vessels are required to address cybersecurity vulnerabilities within their Vessel Security Assessment no later than Dec. 31.

“As maritime operations become more reliant on the systems integrated through automation, cyber risk is an area of increasing concern in the Marine Transportation System,” the document states. “The USCG recognizes that not all shipping companies and ships are alike, and therefore the SMS provides shipping companies the ability to tailor a structured system to address evolving cybersecurity vulnerabilities unique to a company/vessel’s specific management and operations.”

The Coast Guard “expects that U.S. flagged vessels and companies will incorporate cyber risk management into their SMS. Additionally, as a port state… companies with foreign flagged vessels that call on ports in the U.S. should ensure cyber risk management is appropriately addressed in their SMS no later than the first annual verification of the company’s Document of Compliance (DOC) after January 1, 2021.”


Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.
