Coast Guard Cyber Update

By Tessa Andres | April 5, 2023

Welcome to April! The sight of robust commerce is a delight to me as the weather warms up. Tows are moving up and down the river beautifully. Your facilities are vital to this commerce, and I applaud you all on working so hard to keep our rivers active and safe. I wish I could tell you all that everything is perfectly secure in the world of maritime cybersecurity, but that would make me the ultimate April Fool. Here are some issues to consider examining as we all work to strengthen our cyber-resilience and stop attacks before they happen:

  1. Critical Infrastructure is being targeted by typosquatting. This attack happens when a forgery website is created with a similar name or spelling of a legitimate website. Victims enter login credentials which are then stolen and used for other purposes later. This is an active threat affecting many different organizations inside and outside the maritime transportation system. You can search for possible typosquatting websites using called “dnstwister.” This is available online at www.dnstwister.report. Not every similarly spelled website is typosquatting, but it never hurts to investigate.
  2. WAGO, a leading PLC manufacturer, released some patches to address vulnerabilities that could allow compromise. We do not know of any actual instances of compromise, but WAGO recommends scheduling and performing the software update. You can contact them at: https://www.wago.com/us/technical-support-contact-page or call 1-800-346-7245
  3. Speaking of PLCs and other Internet of Things (IoT) devices. There is a search engine called Shodan that allows people to look for devices connected to the Internet. It is both fascinating and frightening to know that our homes or businesses could show up on a map indicating available technology. Our friends at CISA published a “how to guide” you can use to make your IoT more difficult to search. A nerdy joke in my world: The “S” in IoT stands for security.
  4. CISA also has a new program called the Ransomware Vulnerability Warning Pilot (RVWP). CISA may reach out to your company if they detect a vulnerability. You can learn more about this program and the voluntary Cyber Hygiene Vulnerability Scanning service here: Ransomware Vulnerability Warning Pilot (RVWP) | CISA

Tyson B. Sigette
USCG Sector Upper Mississippi
Marine Transportation System Specialist (CYBER)
314-269-2567

Posted in CISA/DHS News