Written by Cmdr. Brandon Link and Dr. Robyn Kapperman, Office of Port and Facility Compliance
Editor’s note: In our second installment on cybersecurity and cyber risk management in observance of DHS’s National Cybersecurity Awareness Month, the Domestic Ports Division discusses the Area Maritime Security Committee as a valuable resource to combat cyber-related threats.
Area Maritime Security Committees (AMSCs) serve as an integral component in addressing cybersecurity and cyber risk management of the Marine Transportation System (MTS). AMSCs continue to engage in cybersecurity-focused activities through various activities and subcommittees, to include the 31 established cybersecurity subcommittees. The AMSC subcommittees assist in addressing cyber risks, facilitating information sharing, and identifying ways to enhance preparedness and resilience related to cyber-related incidents. During the most recent review of the AMSC annual reports, there were numerous examples of accomplishments and initiatives for cyber risk management in the MTS.
Within the North Carolina AMSC, the cybersecurity subcommittee provides cybersecurity threat briefs, training, and cybersecurity best practice tips to maritime industry partners. This sharing of knowledge and information has bolstered the cyber posture within the area and facilitated cooperation between partners. The Ohio Valley AMSC has also had success with facilitating cybersecurity workshops and arranging cybersecurity training for port partners.
AMSCs such as Long Island Sound, Northern California, South Texas, Southeastern New England, and others have emphasized the information sharing aspect of cyber readiness, disseminating various “Situational Awareness” slides, quarterly newsletters, and other reports to their members, regional maritime partners, and other stakeholders within the MTS.
AMSC cybersecurity subcommittees provide a nexus for their stakeholders to discuss cyber vulnerabilities in the port and strategies to reduce risks. Within the Fifth Coast Guard District, these subcommittees are addressing protocols for reporting, responding, and mitigating efforts in order to bolster existing guidance and further maritime cyber responsiveness.
In an effort to continue building on established and growing relationships within individual AMSCs, and among the AMSC community nationwide, the Coast Guard’s Office of Port and Facility Compliance hosts National AMSC Cybersecurity Subcommittee calls to facilitate the sharing of knowledge, available resources, and accomplishments in cybersecurity and cyber risk management.
The Navigation and Vessel Inspection Circular (NVIC) 09-02, change 5 provides guidance to the Coast Guard and AMSC members in developing and maintaining the Area Maritime Security Assessments and Plans. The updated NVIC included a new Cyber Incident Response Template modeled after the Department of Homeland Security’s National Cyber Incident Response Plan. A number of AMSC cybersecurity subcommittees are engaged in developing and implementing this annex for their Area Maritime Security Plans (AMSPs).
The Coast Guard applauds all of the Area Maritime Security Committees for their efforts and initiative in addressing the continually-evolving nature of cyber threats and vulnerabilities. The maritime community’s use of this resource continues to increase and we encourage industry, the public, and all levels of government to take advantage of their local AMSC to build on the hard work already underway.
For more information and resources from this year’s Own IT. Secure IT. Protect IT. campaign, visit the 2019 National Cybersecurity Awareness Month website.
This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.