Commercial Vessel Compliance

1/12/2016: Transportation Research Board Annual Meeting – Maritime cyber risk management

Yesterday, the Coast Guard’s Director of Inspections and Compliance, Capt. Verne Gifford, was a key speaker at the Transportation Research Board of the National Academy of Science annual meeting on Monday, January 11th. The annual meeting covered all transportation modes and addressed topics of interest to policy makers, administrators, practitioners, researchers and representatives of government, industry and academic institutions.

Gifford’s remarks focused on the Coast Guard’s approach toward cyber risk management in the marine transportation system.

“All activities must take place against the backdrop of the training, education and policies needed to promote a culture of cybersecurity,” said Gifford.

Gifford explained the three strategic priorities in the Coast Guard’s Cyber Strategy, released in 2015, and explained that the likelihood of an incident is near certain.

“Vulnerability increases with every new device,” said Gifford.

Gifford outlined some ongoing, collaborative, Coast Guard initiatives:

  • Working the National Institute of Standards and Technology to develop a Maritime Transportation System Implementation Guide
  • Review of existing policy for cyber updates (drafting NVIC for domestic policy and looking at IMO proposal)
  • Standardizing terms and definitions
  • Clarifying notification procedures
  • Collaborating with NIST to evaluate guidance and tools for industry on risk reduction processes

The Coast Guard notes that the marine industry is making increasing use of cyber technology.

“While these technologies generally improve efficiency and reliability, they also introduce risk,” said Gifford. “The failure, unintended misuse or exploitation of systems controlling functions such as navigation, propulsion, cargo control and security and environmental monitoring could have significant consequences.”

Gifford encouraged industry to review the NIST Framework, the resources available at CERT, and on the cyber security tab of Homeport to improve their cyber risk management practices.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.

Leave a Reply