Written by Lt. Cmdr. Yamaris Barril, Office of Port and Facility Compliance (CG-FAC)

October is National Cybersecurity Awareness Month and the Office of Port and Facility Compliance encourages you to follow our weekly blogs throughout the month that contain important information on cybersecurity risk management. Additionally, please visit the Department of Homeland Security’s website dedicated to NCSAM for further resources on cybersecurity.

During the past year, the Coast Guard has made significant strides in addressing cybersecurity risk management in the maritime domain. Maritime Commons has covered a wide variety of these subjects: shipboard application of cyber risk management, policy on reporting suspicious activity and breaches of security, and the release of the Maritime Bulk Liquids Transfer (MBLT) Cybersecurity Framework Profile.

• The shipboard application of cyber risk management implements elements from the National Institute of Standards and Technology Cybersecurity Framework into the culture of the company at all levels, from the ship’s crew and port workers to the senior executives of the company in the same way that the industry has embraced a safety-culture through the implementation of Safety Management Systems.
• CG-5P Policy Letter 08-16: Reporting Suspicious Activity and Breaches of Security outlines the criteria and process for suspicious activity and breach of security reporting. This policy letter also covers reporting requirements and guidance on reporting cybersecurity related events to Department of Homeland Security National Cyber Security and Communications Integration Center. Coast Guard Captains of the Port, Area Maritime Security Committees and the operators of vessels and facilities regulated by the MTSA may use this policy letter when evaluating suspicious activity and breach of security incidents.
• The MBLT Cybersecurity Framework Profile implements how organizations align the Framework’s cybersecurity activities, outcomes, and informative references to organizational business requirements, risk tolerances, and resources. Through this industry-focused Profile, MBLT facilities are provided a pathway for integrating the Framework into organizational operations.

CG-FAC would also like to take this opportunity to remind our readers that there is an extension on the comment period for the draft NVIC 05-17, Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities . CG-FAC highly encourages comments on the draft NVIC, which can be submitted to the online docket at Docket No. USCG–2016–1084 or reach the Docket Management Facility on or before Oct. 11, 2017.

CG-FAC encourages everyone to subscribe to Maritime Commons for the latest information on issues related to the Marine Transportation System. We look forward to advancing our dialogue on cybersecurity and risk management, and encourage you to share your thoughts, questions or concerns with us via the comment section below.

For more Maritime Commons coverage of cyber risk management topics, check out some of our recent posts.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.