View non-flash version
16 Maritime Reporter & Engineering News ? DECEMBER 2013 On February 12, 2013, Presi-dent Obama issued Execu-tive Order 13636 ? Improv-ing Critical Infrastructure Cybersecurity. Citing repeated elec- tronic intrusions into critical infrastruc-ture, the document states that it is the policy of the United States Govern-ment to increase the volume, timeli-ness, and quality of cyber threat infor- mation shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats. It directs the Secretary of Homeland Security (DHS), in co-ordination with Sector-Speci Þ c Agen- cies, to establish the Voluntary Critical Infrastructure Cybersecurity Program together with the owners and operators of critical infrastructure and other in-terested entities. If current regulatory requirements are deemed to be insuf-Þ cient to protect critical infrastructure from electronic intrusions, the Sector- SpeciÞ c Agencies are to propose priori- tized, risk-based, efÞ cient, and coordi- nated actions to mitigate cyber risk.The preÞ x ?cyber? is derived from a Greek adjective meaning skilled in steering or governing. The pre Þ x is commonly used in the computer and electronic context to denote control. Thus, cybersecurity means control of computer or electronic security. The National Institute for Standards and Technology (NIST) has developed a Preliminary Cybersecurity Frame-work (on the web at http://www.nist. gov/itl/upload/preliminary-cybersecu-rity-framework.pdf). It provides guid-ance to public and private organizations on managing cybersecurity risk. The objective is to encourage organizations to consider cybersecurity risk as a pri-ority similar to Þ nancial, safety, and op- erational risk, while factoring in larger systemic risks inherent to critical infra-structure.The DHS has established a Cybersecu-rity Training & Exercises Website (on the web at http://www.dhs.gov/cyber- security-training-exercises) to assist or- ganizations in becoming familiar with and staying current on cybersecurity threats and available countermeasures. The site itself, though, is frequently outdated.Of more relevance to the maritime community is the US Coast Guard cybersecurity site accessible through Homeport. I have to admit that I am not a fan of the Coast Guard?s broad use of the Homeport website. Few things on the site are directly accessible. To get to the cybersecurity site, go the Homeport (on the web at https://homeport.uscg.mil), then click on Maritime Security under Missions on the left side of the screen, and then click on Cybersecurity, the third topic down in the center of the new screen. The site provides access to a variety of background documents and links to other cyber-related websites. The National Infrastructure Protection Plan (NIPP), (available on the web at https://www.dhs.gov/sites/default/ Þ les/publications/NIPP_Plan.pdf), provides overall guidance regarding govern-ment efforts and recommendations for protection of critical infrastructure. Implementing that overall plan are 18 sector-speci Þ c plans, including the Transportation Systems Sector-Speci Þ c Plan (TSSSP), (available on the web at http://www.dhs.gov/xlibrary/assets/ nipp-ssp-transportation-systems-2010.pdf). In accordance with Presiden-tial Policy Directive 21 (PPD-21) on Critical Infrastructure Security and Resilience, the Department of Home-land Security and the Department of Transportation serve as co-chairs of the Transportation Systems Sector. The US Coast Guard advises the co-chairs on maritime issues. The Coast Guard has included cyber- security issues in its various Area Mari- time Security Plans. It also hosts the Cybersecurity Homeport Community. To join the Community, you must al- GOVERNMENT UPDATE Marine CybersecurityDennis L. Bryant, Maritime Regulatroy Consulting, Gainsville, Fla.t: 352-692-5493e: dennis.l.bryant@gmail.comThere is a growing threat to marine safety, security, and environmental protection from the over-reliance on electronics to accomplish operational tasks. MR #12 (10-17).indd 16MR #12 (10-17).indd 1611/27/2013 2:29:34 PM11/27/2013 2:29:34 PM