By selecting UK flag, you have now set your site language to English. If you'd like to change your language preference again, simply click on one of the other flags.

Close

こちら Japan flag を選択して頂くと、言語設定が日本語に切り替わります。設定変更後は以下の機能が利用可能です。

  • 日本語版ウェブサイトへのクイックアクセスが可能となり、日本語の刊行物をご覧頂けます。

  • 日本語版が閲覧可能な刊行物や記事については、日本語が優先表示されます。表示言語については Japan flag をご参照下さい。

閉じる 言語設定を切り替えたい場合には、国旗のマークをクリックして下さい。

By selecting Japan flag, you have now set your language to Japanese. This has several benefits, including:

  • Providing quick access to our Japan page, which collates all our Japanese content in one place.

  • Ensures that content is presented to you in Japanese first, if we have an article, publication or webpage available in Japanese. Look out for the Japan flag indicators across the site.

Close If you’d like to change your language preferences again, simply click on one of the other flags.

点击选择 China flag,可将网站语言设置为中文。这能帮助您:

  • 快速访问我们的中国区页面,该页面将有网站内容的中文汇总。

  • 在我们的文章、出版物或者网页有中文版本提供的情况下,确保首先向您展示的是中文版本的内容。您可关注站点上的 China flag 按键。

关闭 点击任意其他国旗,可切换您的语言偏好。

By selecting China flag, you have now set your language to Chinese. This has several benefits, including:

  • Providing quick access to our China page, which collates all our Chinese content in one place.

  • Ensures that content is presented to you in Chinese first, if we have an article, publication or webpage available in Chinese. Look out for the China flag indicators across the site.

Close If you’d like to change your language preferences again, simply click on one of the other flags.

North has merged with Standard Club to form NorthStandard.
Find out more about NorthStandard here or continue on this site to access information and resources.

Cyber Incidents – USCG Reporting Requirements

Add
PDF

Cyber Security – USCG Reporting Requirements

Vessels or ports that have an approved Vessel Security Plan (VSP) or Facility Security Plan (FSP) are required to report suspicious activity (SA) and/or breaches of security (BoS). There are potentially a large number of malicious but low level cyber incidents not all of which need to reported.

The USCG has issued a policy letter to clarify for ports and ships the types of cyber incidents that should be reported to the National Response Centre (NRC):-

Suspicious Activity

  • “Targeted” incidents, including large, sustained attacks on important cyber systems;
  • Spear phishing campaigns, a marked increase in network scanning, or other attacks may be considered SA if the volume, persistence, or sophistication of the attacks is out of the ordinary.

Breach of Security

  • Intrusion into telecommunications equipment, computer, and networked systems linked to security plan functions (e.g., access control, cargo control, monitoring);
  • Unauthorized root or administrator access to security and industrial control systems;
  • Successful phishing attempts or malicious insider activity that could allow outside entities access to internal IT systems that are linked to the Marine Transportation System;
  • Instances of viruses, Trojan Horses, worms, zombies or other malicious software that have a widespread impact or adversely affect one or more on-site mission critical servers that are linked to security plan functions;
  • Any denial of service attacks that adversely affect or degrade access to critical services that are linked to security plan functions;
  • Physical events such as unfamiliar persons in restricted areas, individuals displaying unusual behavioural patterns, or discovery of potentially dangerous devices on or near the facility/vessel.

The following activities do not meet the reporting requirements as SA or a BoS:

  • Routine and “untargeted” cyber incidents such as spam, phishing attempts, persistent scanning of networks, and other nuisance events that do not breach a system’s defenses;
  • Breaches of telecommunications equipment, computer, and networked systems that clearly target business or administrative systems unrelated to safe and secure maritime operations.

Thanks to Keesal, Young and Logan for their advice in this matter.

Keesal, Young & Logan Cyber Risk Group

Welcome to

We've merged with Standard Club to form NorthStandard, this means a new name and look for us, and even better service, support, and cover for you.

You can find out more about NorthStandard on our new website here. As part of the NorthStandard Group, please continue to use nepia.com for your industry news, publications and expertise as well as club rules and contacts.