Houston Maritime Security Collaboration Group
By Chris Wolski, Port Houston
Each year various reports are released from think tanks indicating the risks of cyberattacks continue to grow. The speed and sophistication of the attackers, whether criminal or nation-state, has increased to the point that defenders typically have less than 20 minutes to react. When responding to attacks, often focused on specific industries, we can develop indicators derived from the attacker's tactics, techniques, and procedures, also known as TTPs. As members of the maritime industry, we are responsible for ensuring others understand the cyber threats that can impact us all.
That is the premise behind the development of the Houston Maritime Security Collaboration Group (HMSCG) that was formed in May 2020. This joint venture was funded by the Houston Ship Channel Security District, and works with the Port of Houston Authority and the Houston-Galveston Infragard Area Maritime Security Committee/Cybersecurity Subcommittee. HMSCG enables the freesharing of TTPs among trusted organizations on the Houston Ship Channel and regional port authorities. Comprised of about 200 members from the joint venture organizations and companies, HMSCG shares cyber threats and non-law enforcement physical security information. The HMSCG is administered by Chris Worley, Director, Information Security Officer, Port Houston.
In 2015, the President issued Executive Order 13691 to promote the sharing of private-sector cybersecurity information. The intent is to collaborate on the data as rapidly as possible regarding cybersecurity risks, threats, and incidents so that others can put into place measures that protect their environment. To act on this, the Houston Maritime Security Collaboration Group has partnered with the Maritime Transportation System (MTS) Information Sharing and Analysis Center (ISAC) to create the Houston Maritime Information Sharing and Analysis Organization or HM-ISAO. Members of HM-ISAO must agree to conduct information sharing in a way that protects the privacy and civil liberties of individuals, ensures the confidentiality of member business information, and safeguards the shared data.
Sharing the knowledge of TTPs of a cyber-attack or physical security event provides member organizations indications and warnings useful for protecting themselves or identifying the activity within their technology environment. Often this knowledge comes late in the form of news articles or summaries from the industry. To be effective, the rapid transfer of knowledge is necessary for ensuring the greater good of the maritime sector. To enable the quick sharing of information among member organizations, the HM-ISAO utilizes Slack, a channel-based messaging platform.
Since forming the group, the value of information sharing has paid dividends by preventing successful attacks at facilities. For example, phishing campaign attempts at one facility were thwarted by the realtime sharing of the threat to other members This resulted in removing the phishing emails before organizational employees had the chance to interact with them. (The FBI estimates that from January 2014 through October 2019, they received complaints representing more than $2.1 billion in actual losses from business email compromise scams).
Being good stewards within the maritime industry includes being smart about securing our environment. Sharing the knowledge of threats amongst those who can be impacted is just one effort needed to protect the United States' critical infrastructure that has been entrusted to us.
To learn more about scams and safety go to: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise. If you would like more information on the Houston Maritime Security Collaboration Group, please email Chris Wolski at firstname.lastname@example.org.