10/26/2018: National Cybersecurity Awareness Month – Area Maritime Security Committees

We continue our National Cybersecurity Awareness Month series with a post from the Domestic Ports Division of the Office of Port and Facility Compliance that discusses the important contributions the 43 Area Maritime Security Committees make at local levels to address cyber threats and vulnerabilities. In this post, we focus on the teamwork and cooperation of the AMSCs in Northern New England, the Sault Region, Hawaii and American Samoa, and Charleston, S.C.

Submitted by Dr. Robyn Kapperman, Office of Port and Facility Compliance

In the vast, fast-paced cyber landscape, effective cyber risk management is dependent on cooperation at the local, state, and federal levels of government as well as between public and private entities. Cooperation among stakeholders is a priority of the 43 Area Maritime Security Committees (AMSCs) led by the Coast Guard. Thirty AMSCs have established dedicated cybersecurity subcommittees, while the remaining 13 address cyber security through other pre-established subcommittees (e.g. law enforcement, facility security officer, etc.), to address cyber threats and vulnerabilities.

All 43 AMSCs continually produce successful partnerships, put forth great effort and complete tremendous work to bolster port security and protect the nation’s critical Marine Transportation System. The following provides a snapshot of the teamwork and cooperation taking place within AMSCs and local communities.

Northern New England (NNE) AMSC

The NNE AMSC welcomed members of the University of Southern Maine’s (USM) Cyber Security Cluster (MCSC) Lab to their committee in 2012. Students in the program developed cyber security training used during Area Maritime Security Exercise and Training Program (AMSTEP) Functional Exercises. The MCSC Lab also developed a cyber training course and assisted with conducting port Wi-Fi assessments. Port Security Grant Program (PSGP) funding received by USM is being used to enhance the assessment capabilities of its cyber lab. These capabilities will assist the AMSC to conduct a port wide cyber security risk assessment and validate the mitigating strategies currently implemented in the Area Maritime Security Plan (AMSP).

In 2017, the AMSC collaborated with Senator Collins’s and Senator King’s offices, USM, the Maine Emergency Management Agency, and the MCSC to hold a Cyber Security Summit. The summit was attended by 160 participants from various organizations to discuss cyber security strategy and objectives.

Sault Region AMSC

In 2017, the Sault Region AMSC established a partnership with Michigan’s Department of Technology Management and Budget for cyber security-related issues and training. The Michigan Cyber Disruption Response Team, a division of Michigan’s Department of Technology, provided a brief to the Federal Maritime Security Coordinator and was subsequently invited to be part of the Governor’s Cyber Advisory Council. This partnership enhanced the committee’s subject matter expertise in cyber security. The partnership built between the AMSC and the state has been invaluable to regional cyber security efforts and plays a prominent role with the committee’s annual cyber security assessments. Additionally, the coordinated effort better informs the local PSGP process of cyber-related projects that enhance cyber security capabilities.

Hawaii and American Samoa AMSC

Utilizing the unique capabilities of University of Hawaii’s Cyber Range, the AMSC was able to combine a functional, information technology-based exercise with a traditional discussion-based tabletop to address maritime cyber threats and better prepare for the future. The exercise brought IT managers and technical staff together with corporate leadership, maritime operations personnel, and government agencies. This fusion of disciplines highlighted the challenges faced when translating technical cyber security concepts to less tech-grounded decision makers, as well as the complexities of building secure network environments for maritime critical infrastructure.

The AMSC subsequently partnered with the FBI InfraGard to continue its collaborative efforts by chartering a joint Maritime Special Interest Group (SIG)/AMSC cyber security workgroup. Recognizing that the cyber-threat is not exclusive to the maritime domain, the SIG provides an ongoing opportunity for port security stakeholders to network and share information with colleagues from other economic sectors and industries. The committee can facilitate future AMSTEP scenarios to test security response to cyber incidents, and provide strategies to reduce cyber vulnerabilities, increase resiliency, protection, and deterrence, and mitigate consequences of a cyber incident.

Charleston AMSC

The AMSC’s cyber subcommittee collaborated with members from the White House National Security Council, Army Cyber Command, National Cyber Center of Excellence, and the U.S. Coast Guard Cyber Command to assist in efforts related to cyber prevention, protection, response, recovery, and resilience within the maritime domain. Additionally, the cyber subcommittee led efforts in leveraging Port Security Grant Program funds to establish a maritime-based cyber information-sharing portal through a newly formed AMSC member sponsored Maritime Transportation System-Information Sharing and Analysis Organization (MTS-ISAO). The MTS-ISAO delivers cyber solutions through routine multi-agency and multi-industry collaborations on emergent cyber security and response topics, as well as implementation of cutting-edge, cost-conscious, and user-friendly technical solutions. This project will greatly improve the region’s maritime logistics supply chain cyber risk management posture both in policy and in practice.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.

Comments

comments

Tags: , ,