The Maritime Transportation System (MTS) in the United States contributes to 25% of all US gross domestic product (GDP) and consists of a complex network of waterways, ports, shipyards, and bridges, which interconnect with critical highways, railways, airports, and pipelines. To outline how the U.S. government can better protect U.S. MTS infrastructure from increasing cyber threats targeting both information technology (IT) and operational technology (OT) systems, the White House recently released a National Maritime Cybersecurity Plan detailing ways to mitigate current and future cyber risks to the maritime sector.
The document is divided into three main objectives with priority actions for achieving each. The three objectives include addressing the need for cybersecurity standards, enabling information sharing within the industry, and developing a highly skilled maritime cybersecurity workforce. While the plan is focused on outlining potential government actions, the vast majority of maritime critical infrastructure is owned, operated and controlled by entities outside of the U.S. federal government. So, what should MTS stakeholders do next? We’ll dig into each objective in the National Maritime Cybersecurity Plan and give our take on what the MTS stakeholders responsible for cyber risk management can do to get a head start and potentially align their efforts to what the government may enact.
The National Maritime Cybersecurity Plan highlights the critical role of the MTS in both national security and the supply chain and increases awareness around the need to improve its cyber resiliency. This plan will likely continue to evolve with time, but for now, we recommend familiarizing yourself with the NIST CSF, engaging with the MTS-ISAC, and applying for cybersecurity grants from DHS to get the resources you need to create a cyber resilient future.
To learn more about the NIST CSF, check out our Compliance Guide, which explains what this framework is and how to benchmark your progress within it, plus helpful tips from our cybersecurity experts.