The benefits of using Unmanned Aircraft Systems (UAS) for tasks from catastrophe response to infrastructure inspection to construction site monitoring, and everything in between, are great. ...19 May 2016
Cyber at Sea: House-Passed Legislation Signals Focus on Maritime Cybersecurity
The importance of a secure maritime sector is well understood. Ninety percent of global commerce moves by sea; approximately three quarters of U.S. commerce moves through ports and waterways, amounting to over $1.3 trillion in cargo annually. Cyber-based risk is now a significant concern. Many ports are highly automated, creating potential vulnerabilities to cyber attack. And, many modern vessels and their critical systems, such as propulsion systems, can send and receive data from shore-based facilities thousands of miles away. Disruption of trade, damage to physical property or persons, and even silent intelligence gathering to support smuggling operations or other objectives, are among the cyber risks facing the maritime sector.
In the United States, government agencies and Congress continue to emphasize the importance of protecting this sector from cyber risks. If enacted, the Act would:
- Require the Department of Homeland Security (DHS) to involve at least one information sharing and analysis organization to represent the maritime community in the government’s primary hub for cyber threat monitoring, planning and response coordination, the National Cybersecurity Communications and Integration Center;
- Require the development of guidelines for voluntary reporting of maritime-related cybersecurity risks and incidents;
- Mandate DHS to issue and maintain a maritime cybersecurity risk assessment model; and
- Require the U.S. Coast Guard to engage with relevant advisory committees to facilitate the sharing of cybersecurity risks and incidents to address port-specific cybersecurity risks.
Arguably, much of what is proposed in H.R. 3878 can be accomplished under DHS’ and the Coast Guard’s existing authorities. DHS’ maritime security authority derives from the Maritime Transportation Security Act of 2002 (MTSA) and the Security and Accountability for Every Port Act of 2006 (SAFE Port Act), which are implemented through regulation by the Coast Guard. This includes the authority to set requirements for shipping firms and port facilities. DHS also has robust authorities in cybersecurity across critical infrastructure sectors, including maritime, as outlined in the Homeland Security Act of 2002, Presidential Policy Directive 21, and various executive orders. These critical infrastructure-focused authorities were expanded to cybersecurity more generally via the National Cybersecurity Protection Act and FISMA Modernization Act, both enacted in December 2014, and again in December 2015, with the passage of CISA.
Other vital industries such as energy, aviation, and financial services have continued to invest in public-private partnerships, industry-level collaborations, and company-specific cybersecurity programs. The maritime sector is likely to come under increasing scrutiny of its actions and posture in this respect as well. The passage of H.R. 3878 is only the latest indication of the continued focus of key U.S. government authorities on the sector’s progress in this area.
The start of 2016 may thus be an opportune time to take stock and plan new efforts in maritime-sector cybersecurity in light of these recent developments.
The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...02 May 2016
Last week, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) launched the long-awaited Phase 2 HIPAA Audit Program. Earlier this month, the agency posted...29 March 2016