Cybersecurity

Focus on new US maritime cyber security regulations


US Coast Guard (USCG) is now receiving comments on a Notice of Proposed Rulemaking (NPRM) that would impose minimum cyber security requirements for ports, which are already subject to the broader post 9-11 Maritime Transportation Security Act of 2002 (MTSA 2002). US flagged vessels, as well as drilling and offshore wind installations off the coasts are also the subjects of NPRM.

The USCG’s initiatives followed a late February Executive Order, from President Joe Biden, that directed it “to respond to malicious cyber activity in the nation’s MTS by requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbor.”

The Port of LA webinar included an appearance by Anne Neuberger,  a top White House advisor on cyber matters, who presented a broad overview of the ongoing Federal initiative. She also highlighted  the efforts at the Port of LA to get ahead of cyber related risks; the port established its Cyber Resilience Center, in conjunction with IBM- which operates the platform, in early 2022. The aim of the Cyber Resilience Center she said is to provide, “a state-of-the-art port community cyber defense solution created to improve the cybersecurity readiness of the Port and enhance its threat-sharing and recovery capabilities among supply chain stakeholders”.

It follows on efforts beginning in 2014 when Port of LA established an earlier Cyber Operations Center. Neuberger told Seroka, “It’s remarkable work…we think that it’s really a best practice…and thank you for establishing the Cyber Resiliency Center, bringing in the key companies, and for the effective way in which it serves as a resource for government and the private sector.”

When NPRMs are issued, in advance of actual changes to Federal regulations, the private sector is invited to comment on it, and important players in the cargo and carrier side are expected to offer their detailed views prior to the mid-May deadline.

Various trade organizations including American Waterway Operators, World Shipping Council and the US Chamber of Commerce had all requested a lengthened comment period; originally comments were due by mid-April.

One entity from the port community has weighed in so far; the West Coast port of Olympia, Washington, in conjunction with a local cyber-security provider suggested a fine-tuning of the reporting process, with the aim of “narrow[ing] down the actionable incidents that proper authorities should spend time and resources investigating.”

Resources:

Biden Executive Order

https://www.whitehouse.gov/briefing-room/statements-releases/2024/02/21/fact-sheet-biden-harris-administration-announces-initiative-to-bolster-cybersecurity-of-u-s-ports/

Federal Register NPRM

https://www.federalregister.gov/documents/2024/02/22/2024-03075/cybersecurity-in-the-marine-transportation-system

Comments on the NPRM

https://www.regulations.gov/document/USCG-2022-0802-0001/comment

Maritime security directive re Chinese cranes

https://www.maritime.dot.gov/msci/2024-002-worldwide-foreign-adversarial-technological-physical-and-cyber-influence

 



Source

Related Articles

Back to top button