New Maritime Cyber Security Guidelines Released by U.S. Coast Guard

In a bid to bolster security measures within the maritime industry, the U.S. Coast Guard has released Navigation and Vessel Inspection Circular No. 02-24 (NVIC 02-24) on February 21, 2024. This circular outlines comprehensive guidance for compliance with reporting requirements concerning Breaches of Security (BOS), Suspicious Activity (SA), Transportation Security Incidents (TSI), and Cyber Incidents.

Under the provisions of this NVIC, U.S. Coast Guard Captains of the Port (COTP), Area Maritime Security Committees (AMSC), Maritime Transportation Security Act (MTSA)-regulated entities, and other stakeholders within the Maritime Transportation System (MTS) are mandated to adhere to the prescribed reporting protocols for cyber incidents as stipulated in Part 6 of Title 33 of the Code of Federal Regulations (33 CFR Part 6).

Furthermore, the Executive Order issued on the same day, titled “Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States,” introduced a crucial definition for “cyber incident” and imposed an obligation to report any evidence of actual or impending cyber incidents involving or posing a threat to vessels, harbors, ports, or waterfront facilities to pertinent authorities, including the Coast Guard, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA).

This move comes in response to the escalating use of networked technology within the maritime sector, which while enhancing operational efficiencies, also escalates the risk landscape, exposing MTS stakeholders and MTSA-regulated entities to vulnerabilities through telecommunications equipment, computers, and networks.

Highlighting the critical nature of cyber security, the Coast Guard emphasizes the potential implications of cyber threats, especially in conjunction with physical attacks. MTS stakeholders are urged to remain vigilant and consider the possibility of cyber incidents serving as precursors to more sinister activities.

Acknowledging the complexity of discerning the targets and motives behind malicious cyber activities, the Coast Guard strongly advises MTS stakeholders to adopt measures to minimize, monitor, mitigate, and ideally sever any connections between business and administrative systems and operational, industrial control, and security systems.

With these new guidelines in place, the maritime industry is poised to enhance its resilience against cyber threats, ensuring the safety and security of the Maritime Transportation System in the face of evolving risks. Stay tuned for further updates as the industry continues to fortify its cyber defenses in the pursuit of safeguarding critical infrastructure and maritime assets.

Loader Loading...
EAD Logo Taking too long?
Reload Reload document
| Open Open in new tab

Download [149.28 KB]

11 March 2024
Inline Feedbacks
View all comments
Michael Thomas
Michael Thomas
10 March 2024 22:11

It doesn’t seem to mention seaport cranes. Given the number of modems found in nearly every Chinese manufactured crane, this seems curious why this critical piece of infrastructure is not being considered.

LOGINSIGN UPHOMEPlease login to access the content.

If you are not a member, you can access all contents
on Cyber Onboard with a free membership.
Go Back