Commercial Vessel Compliance

12/16/2015: Back to the future – Cyber risk management training

From the desk of Capt. Andrew Tucci, chief of the Office of Port and Facility Compliance

I recently visited the Coast Guard’s Training Center in Yorktown, Virginia. My Coast Guard career began there as an Officer Candidate in 1989. I have been back many times since then, first as a student in various courses, later as a guest instructor at some of those same courses.

My reason for this trip was for something new: to oversee a “train the trainer” session for cyber-related risks in the marine transportation system. Every Coast Guard Sector and Marine Safety Unit has now sent a representative to this first-of-its-kind training. They, in turn, will be training all Coast Guard marine inspectors, facility inspectors and port security specialists across the service. This will enable those personnel to work with the maritime industry at the local level to identify and address cyber risks.

The marine industry is becoming increasingly dependent on cyber technology in recent years. Cyber-based systems drive a wide range of safety and security systems on vessels and at port facilities. Technology as simple as a security camera, or as complex as a dynamic positioning system, has a cyber connection. Maintaining the cyber integrity of these systems is as important as maintaining the physical integrity of the equipment they control or protect.

In July of this year, the Commandant of the Coast Guard signed the Coast Guard Cyber Strategy, which specifically identifies the protection of maritime infrastructure as a priority. In support of that objective, the Coast Guard has been working with various advisory committees, industry groups, government agencies and academic institutions to improve our knowledge of cyber risks in the marine transportation system. The recent cyber training at Yorktown is the latest step in that process.

Vessel and facility operators can find resources and information about cyber risk management on the cybersecurity tab of the Coast Guard’s Homeport site, at DHS CERT and ICS-CERT, and by reviewing the NIST Framework. The Coast Guard strongly encourages industry to take advantage of these resources. Operators can also work with their local Area Maritime Security Committee to identify and address port wide cyber risks.

You can be sure that my reception at Yorktown as a Captain overseeing a new training program was somewhat different than when I reported as a trainee back in 1989. For one thing, this time, my day did not begin at 0500 to the sound of revile and the shouts of platoon officers demanding 20 push-ups as they inspected the barracks! What has remained the same is the Coast Guard’s commitment to training our members to the highest standards in order to continue to protect our nation from all hazards and threats. I am proud to be part of the efforts that are preparing the Coast Guard to operate in the cyber domain.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.