US Coast Guard warns mariners of ongoing ‘SolarWinds Hack’ drama

Image: Samuel Wolfl.

Leadership issued a Marine Safety Information Bulletin this month warning mariners and operators of potential exploitation through a tainted update of the SolarWinds Orion platform.

By Michael McGrady, Maritime Direct Americas & Pacific Correspondent

WASHINGTON — Rear Admiral Richard V. Timme, the assistant commandant for prevention policy for the US Coast Guard, issued a Marine Safety Information Bulletin (MSIB) indicating that the marine regulator “continues to monitor the maritime impact from the ongoing Advanced Persistent Threat (APT) cyber incident,” which “will require a sustained and dedicated effort to remediate.”

“Even if you do not own SolarWinds Orion, you may be impacted as your third-party networks, services, and vendors may use SolarWinds Orion [software],” Timme wrote in the MSIB. “It is critical that the Coast Guard understands the potential risks of this APT actor on marine transportation system networks and supply chain connections. 

“Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security,” the bulletin states. 

Under federal law, any owner or operator of a facility or vessel is under the Maritime Transportation Security Act’s purview. 

The Coast Guard is tasked with the central enforcement and regulation of the act in the United States.

That means the MSIB documentation issued on this occasion, and on others, should be followed.

“The [Coast Guard] believes that the APT actor’s compromise of the SolarWinds Orion supply chain affected approximately 18,000 public and private sector customers and that the actor targeted a much smaller subset of that group with follow-on activity,” states the MSIB.

“Any potential threat to the physical security or cybersecurity of your vessel or facility should be taken seriously,” the bulletin states, adding that security breaches should be reported to the Guard’s National Response Center at 1-800-424-8802.
