Ports and Facilities

10/3/2016: Cyber risk management in the marine transportation system

From the desk of Rear Adm. Paul Thomas, assistant commandant for prevention policy

October is nationally recognized as Cyber Security Awareness Month, and there is no better time to discuss the importance of cybersecurity and the Coast Guard’s role in cyber risk management.

I want to thank you for your engagement on this topic since the U. S. Coast Guard Cyber Strategy was signed in June of 2015. Your interaction with me and my staff have allowed us to better understand the challenges faced by the maritime industry. Specifically, with your efforts and input we’ve increased the number of Area Maritime Security Committees with a cyber subcommittee, we’ve worked with IMO to create interim guidelines on maritime cyber risk management for vessels, and we’ve increased partnerships with other government agencies such as the National Institute of Standards and Technology (NIST) and the Federal Energy Regulatory Commission (FERC), researchers, and, most importantly, industry members.

While we remain dedicated to promoting awareness and information sharing of cyber vulnerabilities and risks, it is time to advance the conversation on cybersecurity and risk management programs. To properly protect our nation’s infrastructure, a cybersecurity and risk management program should identify cyber vulnerabilities and address these vulnerabilities. The first step is to establish an appropriate level of governance, which includes inventorying critical operational cyber systems, identifying the roles and responsibilities of key cybersecurity personnel, providing cyber awareness training for all employees, and increasing organizational resilience protocols post-incident.

Throughout the remainder of the month, Maritime Commons will highlight the direction the Coast Guard will take to identify and address cyber vulnerabilities within our maritime infrastructure, which will include some recommended practices and how they can assist with the development of a strong cybersecurity and risk management program.

I look forward to advancing our dialogue on cybersecurity and risk management, and encourage you to share your thoughts, questions or concerns with us via the comment section on the blog or on Twitter by tweeting to @maritimecommons.

Have input or ideas on this topic? Join the discussion by leaving your comments or questions in the section below or by using #MaritimeCyber on Twitter.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.