The maritime industry is on the cusp of significant changes as vessel operators may soon be facing new federal regulations to prevent cyber security attacks. The U.S. Coast Guard has proposed regulations that would establish minimum cybersecurity requirements for U.S.-flagged vessels and maritime facilities under the Maritime Transportation Security Act.

According to the recently published Notice of Proposed Rulemaking, vessel and facility operators would be mandated to conduct a cybersecurity assessment and develop a Coast Guard-approved cybersecurity plan that could be integrated into an existing security plan. This new plan would cover various areas of operation, including personnel training, drills and exercises, device and data security, reporting, and risk and supply chain management, all susceptible to cyber infiltrations.

The scope of the proposed rule includes offshore drilling units, cargo vessels, most passenger vessels, barges, towing vessels, and tankships. Each owner or operator would need to designate a qualified individual to develop and implement the cybersecurity plan. The primary goal of the proposed rule is to address current and emerging cybersecurity threats in the marine transportation system.

As the maritime industry evolves with the increased use of cyber-connected systems, the Coast Guard recognizes the necessity for changes to protect against potential cyberattacks. The agency acknowledges that while these systems enhance vessel and port facility operations, they also bring forth challenges in design, operations, safety, security, training, and workforce management. The increased reliance on information technology systems exposes the maritime domain to cyber threats that could disrupt operations of U.S. facilities and vessels.

The proposed regulations highlight the vulnerabilities posed by autonomous vessel technology, automated operational systems, and remotely operated machines. These technologies serve as prime targets for cyberattacks from various sources, including insider threats, criminal organizations, and nation-state actors. Concerns also arise regarding cyberattacks altering a vessel’s navigational system, which could lead to accidents or groundings, disrupt communications with ports, and impact national and global maritime commerce.

To counter these threats, the Coast Guard believes that implementing new cyber risk management measures outlined in the proposed rule would better equip the maritime industry to detect, respond to, and recover from cybersecurity breaches. Updating regulations to include minimum cybersecurity requirements is seen as a step towards strengthening security posture and increasing resilience against cyber threats.

Vessel owners and operators would be granted a 12-18 month period following the effective date of the final rule to determine the best approach to implement and comply with the new requirements. The Coast Guard is currently seeking input from the maritime industry on the proposed regulations until April 22 to ensure that all perspectives are considered.

Meanwhile, additional measures have been introduced to clarify reporting requirements for security breaches and suspicious activity within the maritime industry. A notice from the Coast Guard establishes guidelines for reporting cyber incidents, with owners or operators of vessels or facilities required to immediately report any actual or threatened cyber incidents to relevant authorities.

The proposed regulations and clarification on reporting requirements emphasize the growing importance of cybersecurity in the maritime industry and the need for proactive measures to safeguard against potential threats. By staying vigilant and implementing robust cybersecurity practices, vessel operators can ensure the safety and security of their operations in an increasingly digital environment.

Source link