The American Waterways Operators has released best practices to help the U.S. tugboat, towboat and barge industry in identifying and managing cyber risks and detecting and responding to cyberattacks or accidents.
The document “Cyber Risk Management: Best Practices for the Towing Industry, Version 1.0” is the product of a year-long initiative undertaken by the Cyber Risk Management Quality Action Team, a working group of the Coast Guard-AWO Safety Partnership, the oldest public-private partnership between the U.S. Coast Guard and its stakeholders.
Recognizing that the companies that make up the towing industry are diverse in size and complexity and that, when it comes to cybersecurity, one size won't fit all, the Quality Action Team encourages companies to take a tailored approach to cyber risk management that incorporates a cyber risk management policy and related procedures into a company's existing safety management system.
The best practices are aligned with the National Institute of Standards and Technology's Cybersecurity Framework — the gold standard for managing cyber-related risk, which the Coast Guard has incorporated into guidance for other segments of the maritime industry — and clarify and expand on them to make them actionable for towing companies. The document also includes information about how to conduct a cyber risk assessment and report a cyber incident.
"The tugboat, towboat and barge industry is a vital component of our nation's critical infrastructure, transporting annually over 760 million tons of commodities that power the American economy, and working in constant partnership with the Coast Guard to keep our waterways safe and secure,” AWO president & CEO Tom Allegretti said in a statement announcing the release of the document. “As our industry continues to integrate cyber systems into all aspects of its operations in order to meet the demand for efficient maritime cargo transport, we recognize the importance of providing our companies with resources to mitigate against the growing range of cyber threats. We are very pleased to offer these best practices as a resource for members as we continue to work with our government partners to address this substantial challenge."