The U.S. Coast Guard recently published CG-5P Policy Letter 08-16: Reporting Suspicious Activity and Breaches of Security, which outlines the criteria and process for reporting such events.
An owner or operator of a vessel or facility that is required to maintain an approved security plan in accordance with parts 104, 105 or 106 of Title 33, Code of Federal Regulations, Subchapter H shall, without delay, report activities that may result in a transportation security incident to the National Response Center.
Now, the policy letter also covers reporting requirements and guidance on reporting cybersecurity related events to Department of Homeland Security National Cyber Security and Communications Integration Center.
Due to the increasing reliance on telecommunications equipment, computers, and networked systems for controlling physical operations, a growing portion of all security risks have a network or computer nexus, states the Policy Letter.
“Plausible terrorist attack scenarios include combined cyber and physical incidents. Vessel and facility operators should consider this possibility when evaluating a cyber incident, including the possibility that a cyber incident is a precursor to a physical attack, or that cyber related suspicious activity and breaches of security may be an attempt by actors to identify weaknesses or to plan for later attacks.
“The target and intent of malicious cyber activity can be difficult to discern. The fact that business and administrative systems may be connected to operational, industrial control and security systems further complicates this matter. The Coast Guard strongly encourages vessel and facility operators to minimize, monitor, and wherever possible, eliminate any such connections.”
The Policy Letter is available here.