IN 1332 – Cyber security risk management: US Coast Guard (USCG) guidance

  • Information Note
  • Published on 5 October 2016
  • 3 minute read

1. Introduction

Members operating in US waters will wish to be aware of the guidance published by the US Coastguard (USCG), on measures that it is proposing are applied to the marine sector for cyber security risk management. 

The content of this Information Note is sourced from the USCG’s Blog for Maritime Professionals as shown below.

2. Cyber risk management in the marine transportation system

From the desk of Rear Adm. Paul Thomas, assistant commandant for prevention policy.

October is nationally recognized as Cyber Security Awareness Month, and there is no better time to discuss the importance of cybersecurity and the Coast Guard’s role in cyber risk management.

I want to thank you for your engagement on this topic since the U. S. Coast Guard Cyber Strategy was signed in June of 2015. Your interaction with me and my staff have allowed us to better understand the challenges faced by the maritime industry. Specifically, with your efforts and input we’ve increased the number of Area Maritime Security Committees with a cyber subcommittee, we’ve worked with IMO to create interim guidelines on maritime cyber risk management for vessels, and we’ve increased partnerships with other government agencies such as the National Institute of Standards and Technology (NIST) and the Federal Energy Regulatory Commission (FERC), researchers, and, most importantly, industry members.

While we remain dedicated to promoting awareness and information sharing of cyber vulnerabilities and risks, it is time to advance the conversation on cybersecurity and risk management programs. To properly protect our nation’s infrastructure, a cybersecurity and risk management program should identify cyber vulnerabilities and address these vulnerabilities. The first step is to establish an appropriate level of governance, which includes inventorying critical operational cyber systems, identifying the roles and responsibilities of key cybersecurity personnel, providing cyber awareness training for all employees, and increasing organizational resilience protocols post-incident.

Throughout the remainder of the month, Maritime Commons will highlight the direction the Coast Guard will take to identify and address cyber vulnerabilities within our maritime infrastructure, which will include some recommended practices and how they can assist with the development of a strong cybersecurity and risk
management program.

I look forward to advancing our dialogue on cybersecurity and risk management, and encourage you to share your thoughts, questions or concerns with us via the comment section on the blog or on Twitter.

Posted by LT Katie Braynard. Monday, October 3, 2016.

3. Implications

IMCA will continue to engage with the USCG on the practical application of this guidance and the USCG will be represented at the next IMCA Central & North America Section meeting taking place at the Marriott Energy Corridor Hotel in Houston on Thursday 13 October 2016.

IMCA is organising a Security Seminar at the Millennium Gloucester Hotel in London, UK, on Thursday 10 November 2016 on the subject of Human Factors in Security. Two topics will be covered namely, the ‘internal cyber security threat’ and the ‘global risk exposure to our people’.

We may use anonymised cookies for some functionality on this site. With your consent, we would also like to use tracking to improve our online offering. Find out more.