Reducing Cybersecurity Risks in MTSA-Regulated Facilities
Discover how we increased visibility and reduced cybersecurity risks in MTSA-Regulated Facilities by conducting vulnerability assessments and creating a mitigation plan and roadmap to enhance cyber posture.
Determine cybersecurity priorities in accordance with the U.S. Coast Guard NVIC 01-20 guidelines
Conduct individual facility assessments applying NIST standards and NVIC 01-20 guidelines
Develop cybersecurity assessment reports, including recommendations for managing and minimizing cybersecurity risk
Present conclusion, including aggregated analysis, scorecard findings, identified gaps and risk mitigation
Conduct Cybersecurity Assessments
SWOT24 experts used the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) to determine a grading score for the cybersecurity posture of each facility. For consistency with industry best practices, and to help each facility integrate cybersecurity into an existing physical security plan outlined in the Facility Security Plan (FSP), the NIST CSF subcategories were aligned to the 15 cybersecurity recommendations from the United States Coast Guard’s (USCG) Navigation and Vessel Inspection Circular (NVIC) 01-20 and the requirements outlined in 33 CFR 105.
Assessments were conducted through questionnaires, document reviews and interviews that provided an initial baseline of the facilities’ cybersecurity posture. The assessments were tailored to mirror the physical Facility Security Assessment (FSA), which provided employees, including the Facility Security Officer (FSO) and Facility Operations personnel, with a better understanding of the cybersecurity assessment processes. After the assessment was complete, a debrief was conducted with each facility to discuss the top recommendations and assist them in prioritizing steps to improve their cybersecurity posture.
Determine Cybersecurity Maturity Levels
Our experts analyzed the findings against Security Maturity Levels (ML), which show the current level of implementation for each cybersecurity practice and where a facility can improve its implementation to boost the security of the facility and its critical systems and reach a desired security maturity level. Cybersecurity maturity levels help to distinguish the robustness of cybersecurity implementations for each NIST CSF subcategory. Using a cybersecurity maturity model provides an analysis of the current posture and a path forward to the desired level of maturity, while also enabling facilities to periodically assess where they are on that path.
Aggregate Assessment Results
The SWOT24 team aggregated the cybersecurity assessment results from all the participating facilities and provided procedural recommendations to the client about cybersecurity plans, training, drills and exercises. These were combined with technological recommendations about asset management, hardening of the assets and monitoring solutions.
This project represented a critical first step in determining the overall cybersecurity stance of MTSA-regulated facilities in one of the major maritime ports in the U.S. SWOT24 conducted the assessments and provided recommendations to the facilities with regard to the newly released NVIC 01-20 guidelines. The client received a detailed road map and the tools necessary to enhance its overall cybersecurity posture.