Last week, the Coast Guard’s Office of Port and Facility Compliance hosted an interagency public meeting called ‘Guidance on Maritime Cybersecurity Standards.’ The Coast Guard, along with the National Institute of Standards and Technology, Nuclear Regulatory Commission and the Industrial Control Systems Cyber Emergency Response Team, presented on cyber security as it relates to the maritime domain.
Maritime Commons is providing you with condensed remarks from the meeting as well as useful resource links in a five-part series. The information shared in this post is meant to provide you with cyber-related resources to assist you in dealing with cyber security. Read the other four posts for additional summarized comments and resources on maritime cyber security standards.
Subscribe and stay tuned!
Many of the cyber security related resources available to the maritime industry come from the National Institute of Standards and Technology, Nuclear Regulatory Commission and the Industrial Control Systems Cyber Emergency Response Team.
The NIST Cybersecurity Framework is among the top resources available to you. The Framework has 17 core pages that assist in the development of cyber security plans and practices. It provides full illustrative references and a standardization of language that can assist with getting people on the ‘same page’ in preparing for, responding to or recovering from a cyber incident.
Executive Order 13636: Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity
Critical Infrastructure Cyber Community Voluntary Program
NIST Roadmap for Improving Critical Infrastructure Cybersecurity
Presidential Policy Directive: Critical Infrastructure Security and Resilience
Industrial Control Systems Cyber Emergency Response Team website
Industrial Control Systems-Cyber Emergency Response Team Information Products
Industrial Control Systems-Cyber Emergency Response Team Training webpage
Industrial Control Systems-Cyber Emergency Response Team Recommended Practices webpage
Industrial Control Systems-Cyber Emergency Response Team Standards and References webpage
Regulatory Guide 5.71: Cyber Security Programs for Nuclear Facilities
NEI 08-09 Rev. 6: Cyber Security Plan for Power Reactors
The Nuclear Regulatory Commission uses 10 CFR 73.54 Basic Requirements:
1. Identify Critical Digital Assets
2. Apply and maintain a defense-in-depth protective strategy
3. Address security controls for each CDA
4. Identify, respond to and militate against cyber attacks
5. Training commensurate with roles and responsibilities to facility personnel
6. Review and maintain the cyber security plan as a component of the physical security plan
7. Retain records and supporting technical documentation
Hopefully these resources are useful to you. The Coast Guard is seeking information on the resources you find useful and also wants to hear your critiques, input and questions! You can provide these on the docket which will be open until April 15, 2015.
The entire public meeting was recorded and is available for public viewing on YouTube. You can view it here! Follow @maritimecommons on Twitter for live updates at Coast Guard events.
In addition to this post, be sure to read the other four posts from the ‘Guidance on Maritime Cybersecurity Standards Public Meeting.’
Part 1: From the Deputy Commandant for Operations
Part 2: From the Office of Port and Facility Compliance
This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.