Anonymous Reporting
MCA Chatter
V-ID Terminal
My Account


Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019

US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Source: USCG

Last month, the US Coast Guard issued the following Maritime Safety Information Bulletin , entitled Cyber Adversaries Targeting Commercial Vessels:

This bulletin is to inform the maritime industry of recent email phishing and malware intrusion attempts
that targeted commercial vessels. Cyber adversaries are attempting to gain sensitive information
including the content of an official Notice of Arrival (NOA) using email addresses that pose as an
official Port State Control (PSC) authority such as: port @ pscgov.org. Additionally, the Coast Guard
has received reports of malicious software designed to disrupt shipboard computer systems. Vessel
masters have diligently reported suspicious activity to the Coast Guard National Response Center (NRC)
in accordance with Title 33 Code of Federal Regulations (CFR) §101.305 – Reporting, enabling the
Coast Guard and other federal agencies to counter cyber threats across the global maritime network.

As a reminder, suspicious activity and breaches of security must be reported to the NRC at (800) 424-
8802. For cyber attempts/attacks that do not impact the operating condition of the vessel or result in a
pollution incident, owners or operators may alternatively report to the 24/7 National Cybersecurity and
Communications Integration Center (NCCIC) at (888) 282-0870 in accordance with CG-5P Policy
Letter 08-16, “Reporting Suspicious Activity and Breaches of Security.” When reporting to the NCCIC,
it is imperative that the reporting party notify the NCCIC that the vessel is a Coast Guard regulated
entity in order to satisfy 33 CFR §101.305 reporting requirements. The NCCIC will in turn forward the
report to the NRC that will then notify the cognizant Coast Guard Captain of the Port (COTP).

The Coast Guards urges maritime stakeholders to verify the validity of the email sender prior to
responding to unsolicited email messages. If there is uncertainty regarding the legitimacy of the email
request, vessel representatives should try contacting the PSC authority directly by using verified contact
information. Additionally, vessel owners and operators should continue to evaluate their cyber defense
meaures to reduce the effect of a cyber-attack. For more information on the NCCIC’s services, cyberrelated information, best practices, and other resources, please visit: https://www.dhs.gov/CISA.

The Coast Guard applauds companies and their vessels for remaining vigilant in the identification and
prompt reporting of suspicious cyber-related activities. Questions pertaining to this bulletin may be
directed to the Coast Guard Office of Commercial Vessel Compliance’s Port State Control Division (CGCVC-2) at PortStateControl@uscg.mil.