Skip to Content

Notice

Guidance on Maritime Cybersecurity Standards

Document Details

Information about this document as published in the Federal Register.

Enhanced Content

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Coast Guard, DHS.

ACTION:

Notice of public meeting and request for comments.

SUMMARY:

The U.S. Coast Guard announces a public meeting to be held in Washington, DC, to receive comments on the development of cybersecurity assessment methods for vessels and facilities regulated by the Coast Guard. This meeting will provide an opportunity for the public to comment on development of security assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities that could cause or contribute to a Transportation Security Incident. The Coast Guard will consider these public comments in developing relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure.

DATES:

The meeting will be held on Thursday, January 15, 2015 from 9:00 a.m. to 12:00 p.m. The deadline to reserve a seat is Monday, January 5, 2015. All written comments and related material must either be submitted to the online docket via http://www.regulations.gov on or before January 29, 2015 or reach the Docket Management Facility by that date.

ADDRESSES:

The public meeting will be held at the Department of Transportation Headquarters, Oklahoma Room, 1200 New Jersey Avenue SE., Washington, DC 20590; the building telephone number is 202-366-1035. The building is accessible by taxi, public transit, and privately-owned conveyance. However, public parking in the vicinity of the building is extremely limited. Meeting participants are encouraged to use mass transit.

Seating is limited, so please reserve a seat as soon as possible, but no later than January 5, 2015. To reserve a seat, please email Josephine.A.Long@uscg.mil with the participant's first and last name for all U.S. Citizens, and additionally, official title, date of birth, country of citizenship, and passport number with expiration date for non-U.S. Citizens. To gain entrance to the Department of Transportation Headquarters building, all meeting participants must present government-issued photo identification (e.g., state-issued driver's license). If a visitor does not have a photo ID, that person will not be permitted to enter the facility. All visitors and any items brought into the facility will be required to go through security screening each time they enter the building.

The Coast Guard will provide a live video feed of the meeting. To access the video feed, email a request to LT Josephine Long at Josephine.A.Long@uscg.mil no later than January 13, 2015.

The docket for this notice is available for inspection or copying at the Docket Management Facility (M-30, U.S. Department of Transportation, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. You may also find this docket on the Internet by going to http://www.regulations.gov, entering USCG-2014-1020 in the search box and following the instructions.

Written comments may also be submitted in response to this notice. All written comments and related material submitted before or after the meeting must either be submitted to the online docket via http://www.regulations.gov on or before January 29, 2015 or reach the Docket Management Facility by that date. You may submit written comments identified by docket number USCG-2014-1020 before or after the meeting using any one of the following methods:

(1) Federal eRulemaking Portal: http://www.regulations.gov.

(2) Fax: 202-372-1990.

(3) Mail: Docket Management Facility (M-30), U.S. Department of Transportation, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue SE., Washington, DC 20590-0001.

(4) Hand delivery: Same as mail address above, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-366-9329.

To avoid duplication, please use only one of these four methods.

The Coast Guard will post a video recording and written summary of the meeting to the docket.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

If there are questions concerning this meeting, please call or email LT Josephine Long, Coast Guard at 202-372-1109 or via email at Josephine.A.Long@uscg.mil or LCDR Joshua Rose, Coast Guard; at 202-372-1106 or via email at Joshua.D.Rose@uscg.mil. If there are questions on viewing or submitting material to the docket, call Ms. Cheryl Collins, Program Manager, Docket Operations, telephone 202-366-9826.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Background and Purpose

On February 12, 2013, the President signed Executive Order (E.O.) 13636 “Improving Critical Infrastructure Cybersecurity.” The E.O. provided the national approach to protecting critical infrastructure cybersecurity and directed federal agencies to assess cyber risk to critical infrastructure. Pursuant to E.O. 13636, the National Institute of Standards and Technology (NIST) developed a voluntary Preliminary Cybersecurity Framework,[1] followed by the February 12, 2014 publication of a Framework for Improving Critical Infrastructure Cybersecurity [2] (Cybersecurity Framework). The Cybersecurity Framework serves to help industry stakeholders reduce their cyber risk and vulnerabilities. The Coast Guard encourages vessel and facility owners and operators to adopt the Cybersecurity Framework voluntarily to achieve a minimum standard of cybersecurity protection.

Section 7(d) of E.O. 13636 states that in developing the Cybersecurity Framework, the Director of NIST “shall engage in an open public review and comment process” and consult with stakeholders including owners and operators of critical infrastructure. Start Printed Page 73897Similarly, the Coast Guard will host this public meeting to engage the public and obtain comments to assist in the drafting of procedures to enable operators of vessels and facilities regulated pursuant to the Maritime Transportation Security Act of 2002 (MTSA) to identify and address cybersecurity risks that could result in a Transportation Security Incident (TSI).[3] This may include standards, guidelines, and best practices to protect maritime critical infrastructure. The meeting will include the following topics:

(1) Identify: What cyber dependent systems perform vital functions that are addressed in MTSA requirements, such as access control, cargo control, and communications?

(2) Protect: What standards are suitable to ensure the integrity of these systems?

(3) Detect: What procedures are available to owners and operators to detect cyber intrusions that could compromise the integrity of vital systems or contribute to a TSI?

(4) Respond: What response and notification procedures can minimize the consequences of cyber events?

(5) Recover: What procedures can owners and operators take to promote rapid maritime transportation system recovery after a cyber incident?

In addition to the topics outlined above, the Coast Guard is posting several supplemental documents to the online docket for this notice. The supplemental documents provide additional background information that may be useful for the public to consider in formulating comments. We encourage individuals interested in participating in the public meeting and/or submitting comments to the docket to review the supplemental documents. To view the supplemental documents and other documents mentioned in this notice as available in the docket, please follow the instructions described above in the ADDRESSES section. If you do not have access to the Internet, you may view the docket online by visiting the Docket Management Facility in Room W12-140 on the ground floor of the Department of Transportation West Building, 1200 New Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The Coast Guard has an agreement with the Department of Transportation to use the Docket Management Facility.

The Coast Guard encourages the public to participate by submitting comments either in person at the meeting or in writing. The public may submit written comments to Coast Guard personnel at the meeting. The Coast Guard will post these comments to the online public docket. All comments received will be posted without change to http://www.regulations.gov and will include any personal information you have provided.

Privacy Act

Anyone can search the electronic form of comments received into any of the dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). There is a Privacy Act notice regarding the public dockets for review in the January 17, 2008, issue of the Federal Register (73 FR 3316).

Information on Services for Individuals With Disabilities

For information on facilities or services for individuals with disabilities or to request special assistance at the public meeting, contact LT Josephine Long at the telephone number or email address indicated under the FOR FURTHER INFORMATION CONTACT section of this notice.

Authority

This notice is issued under the authority of 5 U.S.C. 552(a).

Start Signature

Dated: December 3, 2014.

Andrew Tucci,

Chief, Office of Port & Facility Compliance, U.S. Coast Guard.

End Signature End Supplemental Information

Footnotes

1.  The Preliminary Cybersecurity Framework is available for viewing online at http://www.nist.gov/​itl/​upload/​preliminary-cybersecurity-framework.pdf.

Back to Citation

2.  The Framework for Improving Critical Infrastructure Cybersecurity is available for viewing online at http://www.nist.gov/​cyberframework/​upload/​cybersecurity-framework-021214.pdf.

Back to Citation

3.  A Transportation Security Incident is defined in 33 CFR 101.105 to mean a security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area.

Back to Citation

[FR Doc. 2014-29205 Filed 12-11-14; 8:45 am]

BILLING CODE 9110-04-P