The United States Coast Guard (USCG) published its final rule to introduce cybersecurity requirements for US-flagged vessels, along with port/terminal facilities and outer continental shelf facilities.
The rule takes effect from 16 July 2025 and will commence a 24-month period to achieve full compliance with the standards required in the rule.[1]
Key points:
Several years ago, I presented a joint panel discussion in Las Vegas on the integration of Physical and Cyber Security, in conjunction with Human Relations departments. I am not sure that message has resonated within all the various business sectors, but many are adopting this new synergy. Red Sky would like to provide some security predictions for 2025.
Cyber Security - 12 CIS Experts' Cybersecurity Predictions for 2025: The 2024 general election...the CrowdStrike Falcon outage...insider thre
Concerns about the security risks of mobile messaging are increasing with concerns over the security of messaging between platforms like iPhone and Android have significantly increased. At the same time, Apple has launched its own RCS messaging system that will compete with WhatsApp and other messaging platforms. US authorities are telling the public to adopt fully encrypted communication services to protect against growing cyber threats. The FBI and the Cybersecurity and Infrastructure Securi
Efforts by the US DHS, Transportation Security Administration (TSA) to address cybersecurity issues faced significant criticism this week from government watchdogs, members of Congress and regulated companies. A US Government Accountability Office (GAO) report last week said four of the six cybersecurity recommendations made to TSA since 2018 have still not been addressed, including one centered around the agency’s efforts to protect companies from ransomware. “For example, in January 2024, GA
A subtle shift in rhetoric has seen IMO secretary-general Arsenio Dominguez turn the tables on industry demands for regulatory clarity and highlight the reciprocal requirement for private partnership and proactive engagement. Dominguez, ‘It’s now [every single actor’s] turn to take actions in how they define their own goals in decarbonizing.’ Regulation alone will not be sufficient to decarbonize the maritime sector; it requires more proactive engagement from industry stakeholders across the s
It is not the federal government that’s responsible for the cyber defense of critical infrastructure. The responsibility falls on the critical infrastructure operators themselves and most aren’t equipped for the fight. Cyber threats to the United States' critical infrastructure are on the rise. On 31 January 2024, FBI Director Christopher Wray testified before Congress, highlighting how Chinese government hackers are attempting “‘to find and prepare to destroy or degrade the civilian critical
With new rules on Cyber Security coming down from the US Coast Guard, Angeliki Zisimatou, Director Cybersecurity, ABS, is uniquely positioned to discuss maritime cyber security in the round, with insights on what she’s seen and heard from the draft rules, with advice on what it could mean for vessel owners. Cyber security and all that it entails is quickly climbing the priority ladder in maritime, as increasing dependance on connectivity is a double edge sword of promise and peril. While the l
Professional sporting events have been prime targets for violent attacks and terrorism, because of their large audiences. In recent years, these events have become targets of cyberattacks as adversaries exploit venue operations to disrupt events, abuse payment systems for fraud, breach networks to steal data, and take advantage of how athletes interact with fans.
While game time is pivotal, sports franchise operators and event organizers must also allocate resources to address many other vulner
The US Department of Homeland Security has outlined plans to enhance cyber security through the Maritime Transport System (MTS). The department’s aim is to protect the system and infrastructure used to ensure safe and free navigation of US waterways. Ports are a vital part of the US economy, contributing $649 to GDP and generating 13 million jobs. The request for information will be used to help develop research to test the vulnerabilities of the port infrastructure. The study will help to d
On 1 May 2024 the CEO of United Health Group was invited to Washington, DC to spend the day getting raked over the coals by US Senator Ron Wyden (D-Oregon) Chairman of the Senate Finance Committee and others at a meeting titled “Hacking America’s Health Care: Assessing the Change Healthcare Cyber Attack and What’s Next.” Wyden set the tone early when he described the UNH cyber incident this way, “The Change Healthcare hack is considered by many to be the biggest cybersecurity disruption to heal
Amid an onslaught of high-profile cyberattacks showing how companies often neglect basic security measures, the Department of Justice is trying to use a law passed during the Civil War to put businesses on notice that these failures are unacceptable. Under the umbrella of DOJ’s Civil Cyber-Fraud Initiative, US government attorneys have since early 2022 deployed the pointedly named False Claims Act to punish contractors that mislead the government about their cybersecurity defenses, hoping to se
Microsoft has recently declared that security will now be the company's topmost priority "above all else," even taking precedence over shipping new product features and capabilities. This commitment to making security job #1 comes on the heels of a string of incidents, including a major breach disclosed just two months ago, where Russian state-sponsored hackers tracked as Midnight Blizzard or Nobelium gained disturbing levels of access to Microsoft's internal systems and source code repositorie
The UN Security Council’s (UNSC) most recent Arria-formula meeting on a cyber-related topic occurred on 4 April 2024. Organized by the Republic of Korea (ROK) and co-hosted by Japan and the United States (US), the session focused on the “Evolving Cyber Threat Landscape and Its Implications for The Maintenance of International Peace And Security.” The informal meeting included interventions from more than 30 delegations preceded by technical briefings from Deputy to the High Representative for
In the realm of cyber security, the objective is to shield systems, networks, and software applications from digital assaults. These digital threats typically have the intentions of either evaluating, altering, or compromising confidential data, extracting money from users, or disrupting regular business operations. The task of establishing robust cyber security defenses presents a formidable challenge in the contemporary landscape, chiefly due to the proliferation of devices surpassing the huma
A look back - All has not been quiet on the malicious cybersecurity front over the past 12 months. Innovation, cyberattacks and cyberespionage, and data breaches, malicious or inadvertent, have remained a constant. At the same time, defenders have scored notable victories, including in Ukraine as well as by disrupting some big-name ransomware players.[1] GovInforSecurity provides 12 notable incidents and trends of 2023 and their implications for the bigger cybersecurity picture:
Clop's MOVEit
Terrorism, both foreign and domestic, remains a top threat to the Homeland, but other threats are increasingly crowding the threat space. During the next year, we assess that the threat of violence from individuals radicalized in the United States will remain high, but largely unchanged, marked by lone offenders or small group attacks that occur with little warning. Foreign terrorist groups like al-Qa’ida and ISIS are seeking to rebuild overseas, and they maintain worldwide networks of support
Staying Connected - Cruise company Carnival Corporation has agreed a partnership with Neuron, formerly ESpace Networks, to implement Neuron’s vendor-neutral connectivity management platform to optimize internet access on its ships. The move is part of Carnival Corporation’s wider connectivity optimization strategy, which is focused on providing the best available connection at sea. The Neuron 360 platform provides an end-to-end view of connectivity operations and real-time data to proactively
According to researchers, despite industries best efforts, 67% of businesses say they need to improve security and compliance measures with 24% rating their organization’s security and compliance strategy as reactive. The expansion of attack surfaces in a post-pandemic hybrid world, combined with shrinking teams and budgets and the rapid rise of generative AI, are fueling an urgent need for companies to improve and prove their security posture.
For companies of all sizes, limited risk visibilit
The attack surface widens by the day, with new threats being posed by artificial intelligence (AI) and increasingly cunning social engineering exploits. And, while the global cybersecurity workforce has grown to help defend against mounting threats, the gap of required workers remains at an all-time high, according to ISC2’s annual Cybersecurity Workforce Study out today. To adapt to that reality, the nonprofit member association emphasizes, organizations must move beyond legacy practices.
Yes
The cybersecurity landscape is full of threats and new ones are emerging. This makes it increasingly difficult for businesses to protect themselves and their supply chains from cyberattacks. One way to mitigate supply chain risk is to implement a global cybersecurity rating system. This would allow businesses to assess the security posture of their suppliers and identify any potential risks.
Could there be a service/system where businesses could simply check a rating to see how secure their s
