Call
Ask an Expert
Tel: +1-281-673-2800
Find an Office
Email
Email Us
Project Profile

Reducing Cybersecurity Risks in MTSA-Regulated Facilities

Discover how we increased visibility and reduced cybersecurity risks in MTSA-Regulated Facilities by conducting vulnerability assessments and creating a mitigation plan and roadmap to enhance cyber posture. 

Project Objectives

Reducing Cybersecurity Risks in MTSA-Regulated Facilities

Project Overview

Cybersecurity attacks are now moving from the information technology (IT) networks that run business’s data to the operational technology (OT) networks that physically control the facility operations. In response to growing cyber threats ABS Consulting was selected to perform a vulnerability and risk assessment for Maritime Transportation Security Act (MTSA)-regulated facilities in one of the major U.S. maritime ports. MTSA-regulated facilities in this port handled bulk cargo, petroleum and LNG shipment and storage.

The goal was to evaluate the current cybersecurity posture and identify cybersecurity risks that may cause financial impacts, operational disruptions or even physical consequences that could result in a Transportation Security Incident (TSI) in ports or waterways.

Based on the vulnerability assessment the client wanted to develop a vulnerability mitigation plan and a roadmap to enhance the cybersecurity posture.

Client Needs
  • Assessment of cybersecurity posture
  • Determine the facilities' top 10 cybersecurity vulnerabilities 
  • Create a roadmap to address identified vulnerabilities in alignment with NVIC 01-20
 

Our Solution

Conduct Cybersecurity Assessments

ABS Consulting experts utilized the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) to determine the grading score of the cyber stance of each facility. For consistency with industry best practices and to assist the facility integration of cybersecurity into an existing physical security plan outlined in the Facility Security Plan (FSP), the NIST CSF subcategories were aligned to the 15 cybersecurity recommendations from United States Coast Guard’s (USCG) Navigation and Vessel Inspection Circular NVIC 01-20 and requirements outlined in 33 CFR 105.

Assessments were conducted through questionnaires, document reviews and interviews that provided an initial baseline of the facilities’ cybersecurity posture. The assessments were tailored to mirror the physical Facility Security Assessment (FSA), which provided employees, including the Facility Security Officer (FSO) and Facility Operations personnel, with a better understanding of the cybersecurity assessment processes. After the assessment was complete, a debrief was conducted with each facility to discuss the top recommendations and assist them in prioritizing steps to improve their cybersecurity posture.

Determine Cybersecurity Maturity Levels

Our experts analyzed the findings against Security Maturity Levels (ML) which demonstrated the current level of implementation for each cybersecurity practice and where they can improve their implementation to boost the security of the facility and critical systems to reach a desired security maturity level. Cybersecurity maturity levels help to distinguish the robustness of cybersecurity implementations for each NIST CSF subcategory. Using a cybersecurity maturity model provides an analysis of current posture and a path forward to achieve the desired level of maturity while also enabling facilities to periodically assess where they are on the path.

Aggregate Assessment Results

The ABS Consulting team aggregated the cybersecurity assessment results from all the participating facilities and provided a procedural recommendation to the client about cybersecurity plans, training, drills and exercises. These were combined with technological recommendations about asset management, hardening of the assets and monitoring solutions.

 

Value Delivered

This project represented a critical first step in determining the overall cybersecurity stance of MTSA-regulated facilities in one of the major maritime ports in the U.S. ABS Consulting conducted the assessments as well as provided recommendations to the facilities with regards to the newly released NVIC 01-20 guidelines. The client received a detailed road map and the tools necessary to enhance its overall cybersecurity posture. 

Back to top