Maritime Computer Emergency Response Team M-CERT

Services

M-CERT coordinates and maintains the following services tailored for the maritime and port sectors to the extent possible, depending on its resources and on the type of service (free/paid).

The services fall mainly into two subsets: Incident Response and Proactive Activities.

Concerning Incident Response:

  1. Incident Management
    M-CERT aims at being the relevant point of contact for the maritime and port sector and at providing support to collect, identify, centralize and manage cyber incidents in accordance with laws and regulations that apply.
  2. Incident Response Coordination
    M-CERT aims at supporting the maritime sector in handling the technical and organizational aspects of incidents. In particular, M-CERT provides 2 major services in the field of Incident Response Coordination: Incident Triage and Incident Coordination.

Concerning Proactive Activities:

  1. Alerts and Warnings
    In case of a specific event, such as an alert, an incident or a crisis, M-CERT disseminates information to its constituency and provides recommendations to tackle the issue. Such alerts and warnings may be passed on to other CERTs, CSIRTs, ISACs, SOCs and similar bodies if deemed necessary or useful for them to prevent further cyber attacks and on a need-to-know basis. Such information services are available via dedicated and closed mailing lists.
  2. Announcements
    M-CERT provides regular information on published vulnerabilities, new attack tools and security measures needed to protect its constituency’s information systems by the publication of regular bulletins on maritime cybersecurity. M-CERT is not responsible for the implementation of its recommendations. Such alerts and warnings may be passed on to other CERTs, CSIRTs, ISACs, SOCs and similar bodies if deemed necessary or useful for them to prevent further cyber attacks and on a need-to-know basis. Such information services are available via dedicated and closed mailing lists.
  3. Awareness and Dissemination
    M-CERT aims at sharing its knowledge and experience to raise awareness of maritime cyber security topics through dissemination, through its participation in research activities and projects, through dedicated communication channels with Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs), and through its participation in cybersecurity and/or maritime and port events and conferences.
    "ADMIRAL" dataset
    For awareness and research purposes, the M-CERT maintains and develops an open dataset on maritime cybersecurity public incidents, called ADMIRAL.
  4. Cyber Threat Intelligence
    M-CERT provides its constituency with regular information and analysis on the maritime and port cyber threat landscape. M-CERT also builds and shares artefacts, such as Indicators of Compromise (IoCs). Such alerts and warnings may be passed on to other CERTs, CSIRTs, ISACs, SOCs and similar bodies if deemed necessary or useful for them to prevent further cyber attacks and on a need-to-know basis. Such information services are available via dedicated and closed mailing lists.
  5. Passive Preventive Monitoring
    M-CERT performs passive preventive monitoring actions on maritime and port assets to detect potential breaches or vulnerabilities and misconfigurations which may be leveraged during cyber attacks. When necessary, reports are sent to the concerned parties in due time, respecting legal frameworks and the sensitivity of the potential discovered vulnerabilities.
  6. Research and Survey
    M-CERT aims at conducting cyber security research, expertise and survey activities for the whole maritime and port sector to detect new vulnerabilities and enhance cybersecurity. M-CERT provides the “Advanced Database of Maritime cyber Incidents Released for Litterature” (ADMIRAL) which tries to include all disclosed maritime cyber security incidents for research and education purposes.
  7. Vulnerability Disclosure
    In accordance with its Vulnerability Disclosure Policy (see Section 4.4 of our RFC2350), M-CERT will act as a Coordinator, between a Reporter (organization or unit triggering the incident process) and Third Parties (stakeholders involved in the resolution of the incident or other CSIRTs).
  8. Vulnerability Monitoring
    When mandated by a constituency, M-CERT is able to watch available public announcements on vulnerabilities concerning specific software or hardware and alert the concerned party in case of discovery.