Senior management and cybersecurity threats 

While a gap in a fence, an unguarded gate, or a damaged security camera might be readily apparent to crewmembers and employees, the threats and vulnerabilities that lurk inside our computer systems are invisible to most of us. This lack of visibility makes it easy to overlook or underestimate cybersecurity risks to an organization.

To highlight the need for senior management to tackle cybersecurity for their organizations, I’d like to share a speech by U.S. Securities and Exchange Commissioner Luis Aguilar, “Cyber Risks and the Boardroom”, delivered at a New York Stock Exchange conference. In his speech, Aguilar encourages responsible company officials to include cybersecurity as part of an organization’s broad risk management program. He also points out that in assessing their risks, boards of directors should consider the Cybersecurity Framework, a voluntary collection of industry standards and best practices developed by the National Institute of Standards and Technology, or NIST.

The Coast Guard encourages the maritime industry to review the Cybersecurity Framework as well. When considering cyber-related risks, vessel and facility operators should ensure that they apply the framework or equivalent standards to cyber-dependent systems that perform vital security, safety, and environmental functions on vessels, and in ports and on waterfront facilities. This voluntary program can make a real difference in reducing the risk of a transportation security incident that could harm people, the environment, property, or otherwise disrupt business activity.

I encourage you to read Aguilar’s speech, and to think about how you can evaluate and address cybersecurity risks. The Coast Guard has more cybersecurity information on the cybersecurity section of Homeport.

 

Capt. Andrew Tucci  

Chief, Office of Port and Facility Compliance 

U.S. Coast Guard  

Washington, D.C.