Maritime Cyber Security
Posted by John Crowley on August 29, 2017 11:10 AM EDT
Suggest discussion of roles and responsibilities for cyber security within the global information space - the internet
The Coast Guard has published a draft Navigation and Vessel Inspection Circular (NVIC) to provide guidance on maritime cyber security. The Coast Guard seeks comments not later than September 11th. Most of us have been aware for some time of necessary local security measures whether they be access control with passwords or restricted use of external devices such thumb drives. Use of firewalls and updates or patches to software are also accepted local efforts. There are others depending on the owned/operated cyber system.
However, the many technology advances we enjoy, including cargo loading and tracking, often utilize the world wide web – the internet. As a mariner I think of the internet as the “high seas” of information transmission. Also using the internet are non-state actors with global criminal and terrorist intentions. The international community and individual nations work to ensure peaceful uses of the “high seas.” What is the parallel response by the international community and individual nations to ensure the safe and secure use of the internet?
With the development of the International Ship and Port Facility Security (ISPS) code, the Maritime Transportation Security Act (MTSA), and implementing regulations in the Code of Federal Regulations (33CFR Chapter I, Subchapter H), assignments were made for responsibility to secure vessels and facilities. At that time physical access to facilities, including IT equipment, was addressed to protect against the incursion of people and dangerous devices. I remember an extensive discussion on whose responsibility it was to provide waterside security with the predominant responsibility falling to various elements of government. I remember no discussion on providing security of information either within the facility or on the internet once transmission on the global information system.
Therefore, I ask the question and encourage a discussion as to the appropriate assignments of responsibility for security of information put on the global information system, the internet. As we review the Coast Guard’s NVIC, what is the individual business responsibility for financial stability, what is the individual business responsibility to assist in preventing a transportation security incident, and what is the government’s responsibility to police or defend the peaceful uses of the internet?