If Russia can hack its way into our elections and digital mischief makers in China can deface the White House website, what chance do vessel operators have of maintaining cybersecurity within their fleets?
Once we’re networked, there probably is no such thing as absolute security, but given our dependence on digital data for everything from navigation to vessel maintenance — to say nothing of life safety — we cannot ignore the need to protect our operations from exploitation or attack.
As part of its mission to promote human safety, marine safety and environmental safety, the U.S. Coast Guard, with the support of the Transportation Security Administration, is leading the charge for cybersecurity in the maritime community.
During a presentation Tuesday at the Passenger Vessel Association Annual Meeting at MariTrends in Savannah, Ga., Lt. Cmdr. Brandon Link, a marine safety expert with the Coast Guard’s Critical Infrastructure Branch, said the stars are aligning for such an effort by passenger vessel operators, among others. The Coast Guard is developing specific cybersecurity “profiles” for maritime sectors and has completed three, for maritime bulk liquid transfers, offshore operations and passenger vessels.
The next profile will focus on navigation and automation.
“The cybersecurity framework profiles are designed to assist organizations in assessing cyber risks and offer guidance on how to allocate limited resources in order to improve their cyber resiliency,” Link said.
Link said the profiles are designed to facilitate implementation. They leverage existing standards and recommended practices. In the case of passenger operations, for example, the profile was developed in consultation with the Cruise Line Industry Association and the PVA. “We cannot stress enough our appreciation to the stakeholders from all sectors of industry for their assistance in drafting these profiles," he said.
Moreover, he said, cost-effectiveness was critical, as was the need to avoid creating a lot of new regulations. “We do hope this is a useful tool,” he told PVA attendees.
You can access more information on the Coast Guard’s cybersecurity effort, as well as offer feedback, at the Maritime Commons blog.