Maritime Cyber Security

Posted by John Crowley on August 29, 2017 11:10 AM EDT

Suggest discussion of roles and responsibilities for cyber security within the global information space - the internet

The Coast Guard has published a draft Navigation and Vessel Inspection Circular (NVIC) to provide guidance on maritime cyber security.  The Coast Guard seeks comments not later than September 11th.   Most of us have been aware for some time of necessary local security measures whether they be access control with passwords or restricted use of external devices such thumb drives.  Use of firewalls and updates or patches to software are also accepted local efforts.  There are others depending on the owned/operated cyber system. 

However, the many technology advances we enjoy, including cargo loading and tracking, often utilize the world wide web – the internet.  As a mariner I think of the internet as the “high seas” of information transmission.  Also using the internet are non-state actors with global criminal and terrorist intentions.  The international community and individual nations work to ensure peaceful uses of the “high seas.”  What is the parallel response by the international community and individual nations to ensure the safe and secure use of the internet?

With the development of the International Ship and Port Facility Security (ISPS) code, the Maritime Transportation Security Act (MTSA), and implementing regulations in the Code of Federal Regulations (33CFR Chapter I, Subchapter H), assignments were made for responsibility to secure vessels and facilities.  At that time physical access to facilities, including IT equipment, was addressed to protect against the incursion of people and dangerous devices.  I remember an extensive discussion on whose responsibility it was to provide waterside security with the predominant responsibility falling to various elements of government.  I remember no discussion on providing security of information either within the facility or on the internet once transmission on the global information system.

Therefore, I ask the question and encourage a discussion as to the appropriate assignments of responsibility for security of information put on the global information system, the internet.  As we review the Coast Guard’s NVIC, what is the individual business responsibility for financial stability, what is the individual business responsibility to assist in preventing a transportation security incident, and what is the government’s responsibility to police or defend the peaceful uses of the internet?

There is 1 comment



Comments on the Coast Guard NVIC 05-17 may now be made up until Oct 11, 2017. There is additional time to consider these comments prior to the Coast Guard evaluating its position.

John Crowley photo
John Crowley

1 month ago

Sign in to add your comment.

Latest Posts

FMC to hold hearings on pending petition regarding detention and demurrage practices.
FMC to hold hearings on pending petition regarding detention and demurrage practices.
read more
Maritime Cyber Security
Suggest discussion of roles and responsibilities for cyber security within the global information...
read more
Congressional Authorization of the Federal Maritime Commission (FMC) and Amendments to the Shipping Act
NAWE comments on pending authorizing legislation for the Federal Maritime Commission (FMC). NAWE...
read more
Cyber Security in the Maritime Port Sector: 
I summarize NAWE's position on cyber security in view of recent attacks.
read more
Port Statistics Working Group - My Observations
On December 4, the Port Performance Freight Statistics Working Group, which was formed as a result...
read more