The U.S. Coast Guard will implement an updated rule starting on July 16 to better protect the country’s marine transportation system against existing and emerging cyberthreats.
The new rule will impose minimum cybersecurity requirements for U.S.-flagged vessels, outer continental shelf facilities and other facilities subject to the Maritime Transportation Security Act of 2002, USCG said in a Friday notice on Federal Register. It aims to help vessel and maritime facility operators detect risks and address cybersecurity incidents.
Table of Contents
Addressing Cybersecurity Incidents
The final rule requires operators to establish a cybersecurity plan that includes account and device security measures and documentation for a cyber incident response program. The latter should outline instructions for resolving a security breach and identify personnel’s roles and responsibilities during the event.
The rule also directs owners and operators to appoint a cybersecurity officer tasked to ensure that the required measures are implemented. In addition, the officer will ensure that the cybersecurity plans are updated and arrange site inspections and cyber training for vessel and facility personnel.
Seeking Public Comments
Before the cyber requirements take effect, the USCG is inviting the public to comment on a potential delay of two to five years in the rule’s implementation period for U.S.-flagged vessels. Feedback will be accepted until March 18.