In a bid to bolster security measures within the maritime industry, the U.S. Coast Guard has released Navigation and Vessel Inspection Circular No. 02-24 (NVIC 02-24) on February 21, 2024. This circular outlines comprehensive guidance for compliance with reporting requirements concerning Breaches of Security (BOS), Suspicious Activity (SA), Transportation Security Incidents (TSI), and Cyber Incidents.
Under the provisions of this NVIC, U.S. Coast Guard Captains of the Port (COTP), Area Maritime Security Committees (AMSC), Maritime Transportation Security Act (MTSA)-regulated entities, and other stakeholders within the Maritime Transportation System (MTS) are mandated to adhere to the prescribed reporting protocols for cyber incidents as stipulated in Part 6 of Title 33 of the Code of Federal Regulations (33 CFR Part 6).
Furthermore, the Executive Order issued on the same day, titled “Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States,” introduced a crucial definition for “cyber incident” and imposed an obligation to report any evidence of actual or impending cyber incidents involving or posing a threat to vessels, harbors, ports, or waterfront facilities to pertinent authorities, including the Coast Guard, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA).
This move comes in response to the escalating use of networked technology within the maritime sector, which while enhancing operational efficiencies, also escalates the risk landscape, exposing MTS stakeholders and MTSA-regulated entities to vulnerabilities through telecommunications equipment, computers, and networks.
Highlighting the critical nature of cyber security, the Coast Guard emphasizes the potential implications of cyber threats, especially in conjunction with physical attacks. MTS stakeholders are urged to remain vigilant and consider the possibility of cyber incidents serving as precursors to more sinister activities.
Acknowledging the complexity of discerning the targets and motives behind malicious cyber activities, the Coast Guard strongly advises MTS stakeholders to adopt measures to minimize, monitor, mitigate, and ideally sever any connections between business and administrative systems and operational, industrial control, and security systems.
With these new guidelines in place, the maritime industry is poised to enhance its resilience against cyber threats, ensuring the safety and security of the Maritime Transportation System in the face of evolving risks. Stay tuned for further updates as the industry continues to fortify its cyber defenses in the pursuit of safeguarding critical infrastructure and maritime assets.
Loading...
Reload document 
Open in new tab 
The 
It doesn’t seem to mention seaport cranes. Given the number of modems found in nearly every Chinese manufactured crane, this seems curious why this critical piece of infrastructure is not being considered.
Your comment is absolutely right. Cranes in ports are exposed to various cyber risks, and it is required to take appropriate precautions. My assumption is that cranes may not have been mentioned in the published circular because it might be challenging to take preventive measures against the cyber risks associated with OT equipment in ports. I do not believe that it has been overlooked.