Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
11 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings innovation, and economic prosperity while promoting safety, security, business confdentiality, privacy, and civil liberties." 6 The primary thrust of EO 13636 is the National Institute of Standards and Technology's Framework for Improv- ing Critical Infrastructure Cybersecurity and its push for the nation's critical infrastructure owners and opera- tors to adopt it. The responsibilit y for encouraging adopting the cybersecurity framework falls largely on the SSAs. In addition, SSAs are directed to review their respective agency authorities for cybersecurity and cybersecurity framework goals. Moving Forward The marine transportation system is vulnerable to cyber threats, but the Coast Guard has the authority to respond to these threats. The Maritime Transportation Security Act's assess- ment and planning requirements should encompass cybersecurity vulnerabilities, as well as physical secu- rity and personnel security vulnerabilities. MTSA also requires the reporting of cybersecurity events to the Coast Guard when those events meet the defnition of a suspicious activity, breach of security, or transportation security incident. Once reported, the captain of the port can draw upon his or her authorities under the Magnuson Act and Ports and Waterways Safety Act to institute safety and secu- rity zones to limit access to the port and its facilities and to control vessel movement. Using one or a combination of these authorities, the Coast Guard has a robust regulatory toolkit to help combat cybersecurity threats against the marine transportation system. About the authors: LCDR Brandy Parker is a U.S. Coast Guard attorney assigned to the Assis tant Commandant for Prevention Policy. She provides legal and policy advice on matters of port security and prevention policy. Mr. Glenn Gray is an intern for the U.S. Coast Guard with the Prevention Law Division in the Offce of Maritime and International Law. He is also a law student at Georgetown University. Endnotes: 1. See Department of Homeland Security National Infrastructure Protection Plan [hereinafter NIPP]. The NIPP was created to guide the national effort to manage risks to the Nation's critical infrastructure. The NIPP organizes the nation's criti- cal infrastructure into 16 sectors and designates sector-specifc agencies (SSA) for each sector. Within the sectors, there may be subsectors that also have a SSA des- ignated. See NIPP at 10. Each sector also has developed a plan for that sector that is an annex to the NIPP. See NIPP at 3, 9. The 2013 NIPP aligns with Exec. Order No.13636: Improving Critical Infrastructure Cybersecurity, 78 Fed. Reg. 11,739 (Feb. 19, 2013) and adds cyber elements into the physical and human elements of critical infrastructure in managing risk. 2. SSAs are "responsible for providing institutional knowledge and specialized expertise as well as leading, facilitating, or supporting the security and resilience programs and associated activities of its designated critical infrastructure sector in the all-hazards environment." 3. Presidential Policy Directive-21 (Feb. 12, 2013). 4. See NIPP at 15. 5. 78 Fed. Reg. 11,739 (Feb. 19, 2013). 6. Id. Maintaining compliance with MTSA's provisions regarding facility and vessel access control is imperative to prevent cyber attacks. U.S. Coast Guard photo by Petty Offcer Bobby Nash.