10/1/2014: Senior levels of management need to address cybersecurity

Capt. Andrew Tucci, chief of the Office of Port and Facility Compliance, is responsible for the Coast Guard’s safety and security policies for our nation’s ports and facilities. One of the most emergent and current issue on this front is cybersecurity. October 2014 is the 11th annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security. As a part of this effort, the Coast Guard will be hosting a discussion about cybersecurity on Maritime Commons throughout the month of October. We will be sharing tips, resources and useful information to protect against cyber threats and accidents within the maritime community.

Written by Capt. Andrew Tucci.

While a gap in a fence, an unguarded gate, or a damaged security camera might be readily apparent to crewmembers and employees, the threats and vulnerabilities that lurk inside our computer systems are invisible to most of us. This lack of visibility makes it easy to overlook or underestimate cybersecurity risks to an organization.

To highlight the need for senior management to tackle cybersecurity for their organizations, I’d like to share a speech by U.S. Securities and Exchange Commissioner Luis Aguilar, “Cyber Risks and the Boardroom ” at a New York Stock Exchange conference.

In his speech, Aguilar encourages responsible company officials to include cyber security as part of an organization’s broad risk management program. He also points out that in assessing their risks, boards of directors should consider the Cybersecurity Framework, a voluntary collection of industry standards and best practices developed by the National Institute of Standards and Technology, or NIST.

The Coast Guard encourages the maritime industry to review the Framework as well. When considering cyber related risks, vessel and facility operators should ensure that they apply the Framework or equivalent standards to cyber dependent systems that perform vital security, safety, and environmental functions on vessels, and in ports and on waterfront facilities. This voluntary program can make a real difference in reducing the risk of a transportation security incident that could harm people, the environment, property, or otherwise disrupt business activity.

I encourage you to read Commissioner Aguilar’s speech, and to think about how you can evaluate and address cyber security risks. The Coast Guard has more cyber security information on the cyber security section of Homeport.

• Respond here on Maritime Commons or tweet your questions or comments to @maritimecommons and use the hashtag #maritimecyber
• We will take comments and questions during the month of October
• One question per tweet or blog post so we can fully address each one individually
• Stay on topic and keep questions to issues involving cyber
• Comments are moderated and those that stray off topic or are unprofessional will not be approved

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.

Comments

comments

Tags: ,