US Maritime Critical Infrastructure Stakeholders Form Nonprofit to Promote Cybersecurity Information Sharing

June 4, 2020

The Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) was formed as a 501(c)(6) nonprofit in February 2020 by a group of U.S.-based maritime critical infrastructure stakeholders to promote cybersecurity information sharing throughout the community. Industry leaders representing seaports, vessel owners and operators, and terminal operators recognized the need to improve cybersecurity resiliency in their respective organizations. With limited resources available inside each organization, they realized the best approach was to work with trusted MTS peers, including both private and public sector partners, to identify, protect against, and detect cyber threats targeting their networks, systems, and people.

The Department of Homeland Security recognizes the Maritime Transportation System (MTS) as one of the seven critical subsectors within the Transportation Systems Sector. The maritime subsector alone accounts for 26 percent of the U.S. economy, equaling $5.4 trillion in total economic activity. The backbone of the maritime sector is international freight being transported to and from the U.S., with vessels moving 41.9 percent of the value and 70.7 percent of the weight of U.S. international trade in 2018. As a result, the American Association of Port Authorities believes the MTS is worthy of cybersecurity protection.

The MTS-ISAC serves as a centralized point of coordination between the private and public sector to share timely and actionable cyber threat information between trusted stakeholders. Information sharing and analysis efforts focus on threats to both information technology (IT) and operational technology (OT) systems that stakeholders can use to prevent and/or minimize potential cyber incidents. The MTS-ISAC’s services assist MTS critical infrastructure stakeholders with understanding and addressing cyber risk areas that are outlined in the 2021 IMO requirements and the recently released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20, “Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities”.

Scott Dickerson, the MTS-ISAC’s Executive Director, explains, “As the maritime sector continues to rapidly increase its reliance upon and integration of new technologies into operational capabilities, we’re seeing the need for stakeholders to pool limited cybersecurity resources to understand and manage the associated risks in effective ways. We’re actively seeing an increase in cyber threat activity, and effective information sharing between our stakeholders has been a force multiplier for their risk management efforts. While IMO 2021 and the USCG NVIC [01-20] help provide guidance to industry, we believe effective maritime public-private partnerships will be a cornerstone for successful maritime cyber risk management efforts moving forward. The MTS-ISAC structure is helpful for the maritime industry, which owns and operates the critical infrastructure, to engage the public sector on an equal and protected footing in regards to cybersecurity information sharing efforts. The MTS-ISAC is helping to build the maritime cybersecurity community, and we believe stakeholders will find our approach to collaboration and information sharing highly reflective of the maritime community’s current operating environment, while also providing much needed information sharing protection mechanisms.”

Initial board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (JAXPORT), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.

David Cordell, CIO for the Port of New Orleans, offers, “By correlating cybersecurity information across MTS critical stakeholders, the ISAC provides all of us with the early warning needed to protect our individual organizations from incidents. We see value from our participation in the MTS-ISAC that we could not obtain elsewhere.”

“Response to the MTS-ISAC has been phenomenal. Strong leadership from our board and executive team, early adopter sharing of suspicious and malicious activity targeting their organizations, and quality partnerships have led to an extraordinarily successful launch”, said Christy Coffey, MTS-ISAC VP of Operations.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

US Maritime Critical Infrastructure Stakeholders Form Nonprofit to Promote Cybersecurity Information Sharing

Related Articles

Related Products

Report Abusive Comment