- Cargo & Facilities

12/12/2014: Coast Guard cyber security public meeting

As a courtesy to our audience, Maritime Commons will provide a daily compilation of nationally-relevant Federal Register notices. To provide comments for the public record, follow the Federal Register link for each individual piece. Please note, the Coast Guard cannot respond to comments on these notices outside of the Federal Register.

As noted in previous blog posts, the Coast Guard is increasingly concerned about cyber security risks to the Maritime Transportation System.

10/1/2014: Senior levels of management need to address cybersecurity
10/17/2014: Importance of cyber safety and security to the Maritime Transportation System
10/24/2014: Cybersecurity 101

The Coast Guard is beginning a policy development process to help vessel and facility operators to identify and address cyber security vulnerabilities that could cause or contribute to a Transportation Security Incident, or TSI.

The Coast Guard published a notice in the Federal Register inviting the public to comment on this important topic at a public meeting. The meeting will be on January 15, 2015 from 9:00 a.m. to 12:00 p.m. at the Department of Transportation Headquarters, Oklahoma Room, 1200 New Jersey Avenue SE, Washington, DC 20590.

This meeting will provide an opportunity for the public to provide suggestions and comments on the topic of cyber security, including the following questions:

• What cyber-dependent systems, commonly used in the maritime industry, could lead or contribute to a TSI if they failed, or were exploited by an adversary?

• What procedures or standards do vessel and security operators now employ to identify potential cybersecurity vulnerabilities to their operations?

• Are there existing cybersecurity assurance programs in use by industry that the Coast Guard could recognize? If so, to what extent do these programs address vessel or facility systems that could lead to a TSI?

• To what extent do current security training programs for vessel and facility personnel address cybersecurity risks and best practices?

• What factors should determine when manual backups or other non-technical approaches are sufficient to address cybersecurity vulnerabilities?

• How can the Coast Guard leverage Alternative Security Programs to help vessel and facility operators address cybersecurity risks?

• How can vessel and facility operators reliably demonstrate to the Coast Guard that critical cyber-systems meet appropriate technical or procedural standards?

• Do classification societies, protection and indemnity clubs, or insurers recognize cybersecurity best practices that could help the maritime industry and the Coast Guard address cybersecurity risks?

See also: http://www.dhs.gov/publication/cybersecurity-insurance

Please read the Federal Register notice carefully for details on how to attend the meeting or to provide written comments. The meeting is open to the public; however, seating is limited. Please reserve a seat no later than January 5, 2015.

To reserve a seat, please email Josephine.A.Long@uscg.mil or Joshua.D.Rose@uscg.mil with the participant’s first and last name. Non U.S. citizens must also provide official title, date of birth, country of citizenship and passport number with expiration date. To gain entrance to the Department of Transportation Headquarters building, all meeting participants must present government-issued photo identification such as a state driver’s license. If a visitor does not have a photo ID, they will not be permitted to enter the facility. All visitors and any items brought to the facility will be required to go through security screening each time they enter the building.

A live video feed of the meeting will be available upon request to Josephine.A.Long@uscg.mil.

The Coast Guard will accept comments at the public meeting. The public may also submit comments to the docket as described in the Federal Register notice.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.