Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
15 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings Within our nation's marine transportation system (MTS), computers, information networks, and telecommunications systems support fundamental port and maritime opera- tions. While this technology provides great benefts, it also introduces vulnerabilities. In several recent incidents, bad actors exploited cyber weak- nesses within MTS elements with signifcant repercussions. Some examples include: • Somali pirates have exploited online navigational data to choose which vessel to target for hijack; • hackers incapacitated a foating oil rig by tilting it and forcing it to shut down; • malware caused another drilling rig to shut down for 19 days, after bringing systems to a standstill; • hackers infltrated computers connected to the Port of Antwerp, located specific containers, made off with smuggled drugs, and deleted the records. 1 Help is Here Fortunately, MTS component owners and operators can take action to reduce cyber risk. The National Institute of Standards and Technology recently released the Framework for Improving Critical Infrastructure Cybersecurity, which allows users to leverage existing standards and guidelines 2 to tailor the framework to their specifc needs and systems. For instance, MTS owners and operators using industrial control systems (ICS) will be able to choose guidance spe- cifc to those types of devices, such as NIST's SP800-82. Given that the cybersecurity framework was specifcally developed for owners and operators of critical infrastructure, each MTS sector member — including those who currently follow established cybersecurity standards — should, at a minimum, access the framework to perform an internal assessment of its cybersecurity program. Such an assessment is particularly relevant and, frankly, necessary, if owners or operators of ports, terminals, or other MTS segments have previously suffered a cyber attack or unexplained ICS failures. The Coast Guard considers such attacks or failures for vessels and facilities regulated under the Maritime Transportation Security Act to be reportable incidents under 33 C.F.R. 101.305 if such systems have con- nections to the MTS. 3 Reducing Potential Liability Despite the benefts of adopting the framework, MTS seg- ment owners and operators should be aware that this alone is unlikely to completely limit potential liability following a cybersecurity incident. Two options that ports, facilities, vessels, and other MTS segment members should consider Reducing Cyber Risk Marine transportation system cybersecurity standards, liability protection, and cyber insurance. by MR. DaviD DiCkMan Environmental Group and Maritime Group Venable LLP Governance MR. DisMas n. lOCaRia Government Contracts Group Venable LLP MR. JasOn WOOl Energy Group Venable LLP The electric industry is subject to mandatory cybersecurity standards. Purestock / / Thinkstock