Strengthening Cybersecurity Information Sharing and Coordination in our Ports
Posted by John Crowley on October 30, 2017 3:55 PM EDT
The House of Representatives passed HR 3101, Strengthening Cybersecurity Information Sharing and Coordination in our Ports. How will this assist facility operators to be more effective in their efforts to be cyber secure?
The House of Representatives passed HR 3101, Strengthening Cybersecurity Information Sharing and Coordination in our Ports. The Senate is yet to pass a similar measure. It seems fair on its face that we should strengthen Cybersecurity in our ports. Sharing information as long as its not classified or proprietary in nature appears commendable. And, adding Cybersecurity within the scope of risk assessments and security planning required by the Maritime Transportation and Security Act seems at the very least to be timely.
Everything we do today seems dependent on the use of cyber systems (is this even a defined term?). That’s a lot of stuff! To borrow a phrase that can always be put to good use, ‘if everything’s important – nothing is important.’ Everyday, marine terminal operators focus on the specific business operation by which they move marine cargo, assess risks to that operation, and have a plan to minimize that risk. In short, they take action. I am sure they welcome efforts out of which that action will be more successful.
The goodness of national efforts at “strengthening Cybersecurity,” “assessing risks,” “sharing information,” and “planning to mitigate risks” will not be realized if focus is not brought to the task. What cyber tasks within the port are critical? Which risks demand this federal attention and will benefit from it? How are cyber risks different from cyber vulnerabilities? What information is actionable? When government sources are asked to share information, a common response is “we don’t know what is actionable,” does HR 3101 assist the marine terminal operator to be more effective in their “actions” with respect to Cybersecurity?
Maybe the more basic question is what our objective in adding these Cybersecurity requirements should be? When terminal operations were told to provide physical security for the video perimeter surveillance systems, the objective was clear and the requirement actionable. NAWE members are available to share their expertise with the Congress and the operating agencies in formulating clear objectives and actionable requirements.