Following prescient comments from industry, the Coast Guard no longer plans to recommend cruise ships and cargo vessels describe additional cybersecurity measures for responding to any increase in the Maritime Security (MARSEC) levels, which may result from security threats associated with pandemics such as COVID-19.
“Some changes in MARSEC level could involve cyber security threats but others may not, and a change in cyber security posture may not always be appropriate,” read guidelines set to be published in the Federal Register Friday.
An earlier draft of the Navigation and Vessel Inspection Circular recommended “facility owners and operators describe additional cyber-related measures to be taken during changes in MARSEC levels,” according to the Federal Register notice.
The Coast Guard enforces the Maritime Transportation Security Act of 2002, which applies to maritime vessels as well as offshore facilities such as oil rigs. It requires such entities to conduct facility security assessments and to accordingly implement facility security plans. The law notes that it applies to “computer systems and networks.”
The majority of the Coast Guard’s guidance is spent reassuring antsy commenters that the NVIC does not add regulations. Moreover, the guidance updates draft language to emphasize the flexibility entities have in doing their assessments and making their plans.
“The NVIC does not mandate that facilities use specific cyber security technology or take specific actions to mitigate a computer system or network vulnerabilities,” wrote Karl L. Schultz, U.S. Coast Guard admiral and commandant. “It simply reminds facility owners and operators o ..
Support the originator by clicking the read the rest link below.
