Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
17 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings Notably, implementing the cybersecurity framework or other well-known cybersecurity standards can be leveraged to great effect in the insurance context. Underwriters will typically only extend coverage to entities that have demon- strably strong security practices, and the framework or other standards can serve as a useful benchmark. Moreover, robust cybersecurity practices could also lead to lower premiums. Some insurance brokers and provid- ers have reduced premiums if the covered technology has received SAFETY Act designation or certifcation. Moving Forward Adopting cybersecurity standards, acquiring cyber insur- ance, and obtaining protection under the SAFETY Act for cybersecurity technologies can signifcantly reduce busi- ness risks as well as overhead expenses for ports, terminals, vessels, and other MTS segments. Not surprisingly, those who operate airports, sea ports, and other critical infrastructure components have obtained SAFETY Act coverage for their physical security measures. The same should be considered for technology used to pro- tect cyber-related infrastructure, including in the MTS. The unfortunate reality, however, is that many businesses, including ports, marine terminals, and other MTS segments, even if they currently have strong cybersecurity programs and technologies, are unaware of the SAFETY Act and its protections. As cyber risk and the potential for increased liability related to cybersecurity within the MTS grow, how- ever, the SAFETY Act may become better known, and, more importantly, utilized. About the authors: Mr. David Dickman is a member of Venable's Environmental and Mari time Groups. He is a retired Coast Guard offcer with signifcant practical and legal experience on maritime security matters and has represented and advised ports and other MTS segment clients on security issues under the Maritime Transportation Security Act and other security laws and regula tions. Mr. Dickman is a coauthor on maritime security for Benedict on Admiralty. He has been recognized in the 2013 and 2014 editions of Cham- bers USA, in the shipping category. Mr. Dismas Locaria is a member of Venable's Government Contracts Group. He represents a number of clients in homeland securityrelated matters including drafting guidelines for information handling. He has assisted sev eral clients in receiving SAFETY Act certifcation. Mr. Locaria has pub lished on the topic of the SAFETY Act and is a coauthor and contributor to Venable's Homeland Security Desk Book. Mr. Jason Wool is a member Venable's Energy Group and an experienced cybersecurity attorney who advises clients on the North American Electric Reliability Corporation critical infrastructure protection reliability stan dards and other cybersecurity standards and regulations. He contributed to developing federal cybersecurity regulation and policy, including the cybersecurity framework. Mr. Wool advises independent systems operators and regional transmission operators on reliability compliance and variety of other issues. Endnotes: 1. Wagstaff, J. All at sea: global shipping feet exposed to hacking threat, Reuters (Apr. 23, 2014). Available at www.reuters.com/assets/print?aid=USBREA3M20820140423. 2. Examples are ISO 27001/2 standards relating to information security systems and NIST's SP800-53 standard relating to security and privacy controls for federal information systems. 3. See www.uscg.mil/announcements/alcoast/122-14_ALCOAST.txt. 4. Subtitle G, of Title VIII, Public Law 107-296 (codifed at 6 U.S.C. 441-444), available at https://www.safetyact.gov/pages/homepages/SamsStaticPages.do?insideIfram e=Y&contentType;=application/pdf&path;=sams\refdoc\Safety_Act_Legislation. pdf. 5. An "act of terrorism" is an act, determined by the Secretary of DHS, that (i) is unlawful; (ii) causes harm to a person, property, or entity, in the United States or to a U.S.-fag vessel (or vessel based principally in the U.S. on which U.S. income tax is paid and whose insurance coverage is subject to regulation in the U.S.), inside or outside the U.S.; and (iii) uses or attempts to use instrumentalities, weapons or other methods designed or intended to cause mass destruction, injury or other loss to citizens or institutions of the U.S. 6 U.S. Code§444(2). 6. The SAFETY Act's benefts apply not only to sellers/suppliers of technologies and to businesses that develop and implement covered security programs, but also to their customers. In fact, end-users (regardless of whether the technology is desig- nated or certifed) receive third-party immunity arising from acts of terrorism for utilizing a SAFETY Act-approved technology. 7. The scope of the SAFETY Act may be expanded in the near future, as a bill was recently unanimously approved by the House Homeland Security Committee that would provide coverage against "qualifying cyber incidents" that may not otherwise meet the defnition of an Act of Terrorism. Sec. 202, H.R. 3696, National Cybersecurity and Critical Infrastructure Protection Act of 2013. Bibliography: Chemical makers' cyber, physical security program approved for SAFETY Act liability coverage. Inside Cybersecurity, March 4, 2014. Commander Joseph Kramek (2013). The Critical Infrastructure Gap: U.S. Port Facili ties and Cyber Vulnerabilities. Center for 21 st Century Security and Intelligence at Brookings. Commander Ulysses Mullins (2014) Cyber Security: The boundary without borders. Proceedings of the Marine Safety & Security Council. Dismas L., and Andrew Bigart. SAFETY Act: A Cybersecurity WinWin for Govern ment. Industry, Law360, Apr. 24, 2014. Analysis of Cyber Security Aspects in the Maritime Sector. European Network and Information Security Agency, Nov. 2011. National Cybersecurity and Critical Infrastructure Protection Act of 2013. H.R. 3696, Wagstaff, J. All at sea: global shipping feet exposed to hacking threat. Reuters, Apr. 23, 2014. H.R. 4005, Coast Guard and Maritime Transportation Act of 2014. Kouwenhoven,N., Martin Borrett, and Milind Wakankar. The implications and threats of cyber security for ports. Port Technology International, February 2014. Cybersecurity Alert: NIST Releases Framework for Improving Critical Infrastructure Cybersecurity. Venable LLP, February 2014. olm26250 / iStock / Thinkstock