US Maritime Critical Infrastructure Stakeholders Form Nonprofit to Promote Cybersecurity Information Sharing

The Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) was formed as a 501(c)(6) nonprofit in February 2020 by a group of U.S.-based maritime critical infrastructure stakeholders to promote cybersecurity information sharing throughout the community. Industry leaders representing seaports, vessel owners and operators, and terminal operators recognized the need to improve cybersecurity resiliency in their respective organizations. With limited resources available inside each organization, they realized the best approach was to work with trusted MTS peers, including both private and public sector partners, to identify, protect against, and detect cyber threats targeting their networks, systems, and people.

The Department of Homeland Security recognizes the Maritime Transportation System (MTS) as one of the seven critical subsectors within the Transportation Systems Sector. The maritime subsector alone accounts for 26 percent of the U.S. economy, equaling $5.4 trillion in total economic activity. The backbone of the maritime sector is international freight being transported to and from the U.S., with vessels moving 41.9 percent of the value and 70.7 percent of the weight of U.S. international trade in 2018. As a result, the American Association of Port Authorities believes the MTS is worthy of cybersecurity protection.

The MTS-ISAC serves as a centralized point of coordination between the private and public sector to share timely and actionable cyber threat information between trusted stakeholders. Information sharing and analysis efforts focus on threats to both information technology (IT) and operational technology (OT) systems that stakeholders can use to prevent and/or minimize potential cyber incidents. The MTS-ISAC’s services assist MTS critical infrastructure stakeholders with understanding and addressing cyber risk areas that are outlined in the 2021 IMO requirements and the recently released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20, “Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities”.

Scott Dickerson, the MTS-ISAC’s Executive Director, explains, “As the maritime sector continues to rapidly increase its reliance upon and integration of new technologies into operational capabilities, we’re seeing the need for stakeholders to pool limited cybersecurity resources to understand and manage the associated risks in effective ways. We’re actively seeing an increase in cyber threat activity, and effective information sharing between our stakeholders has been a force multiplier for their risk management efforts. While IMO 2021 and the USCG NVIC [01-20] help provide guidance to industry, we believe effective maritime public-private partnerships will be a cornerstone for successful maritime cyber risk management efforts moving forward. The MTS-ISAC structure is helpful for the maritime industry, which owns and operates the critical infrastructure, to engage the public sector on an equal and protected footing in regards to cybersecurity information sharing efforts. The MTS-ISAC is helping to build the maritime cybersecurity community, and we believe stakeholders will find our approach to collaboration and information sharing highly reflective of the maritime community’s current operating environment, while also providing much needed information sharing protection mechanisms.”

Initial board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (JAXPORT), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.

David Cordell, CIO for the Port of New Orleans, offers, “By correlating cybersecurity information across MTS critical stakeholders, the ISAC provides all of us with the early warning needed to protect our individual organizations from incidents. We see value from our participation in the MTS-ISAC that we could not obtain elsewhere.”

“Response to the MTS-ISAC has been phenomenal. Strong leadership from our board and executive team, early adopter sharing of suspicious and malicious activity targeting their organizations, and quality partnerships have led to an extraordinarily successful launch”, said Christy Coffey, MTS-ISAC VP of Operations.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.