Adrian Johnson
TLDR:
– US Coast Guard issued new cyber-security regulations for US flagged vessels
– Industry feedback critical of burden, implementation, and lack of alignment to existing measures
In late February, the United States Coast Guard (USCG) issued a Notice of Proposed Rulemaking (NPRM) regarding cyber security for US flagged vessels. The proposed changes aim to establish minimum cybersecurity requirements for US-flagged vessels, facilities on the Outer Continental Shelf, and US facilities subject to regulations under the Maritime Transportation Security Act of 2002. Industry feedback on the new regulations has been critical, with concerns about the level of burden, practicality of implementation, and lack of alignment to existing measures.
Comments from affected parties highlighted the challenges for smaller companies with limited Information Technology (IT) departments, the need for risk-based plans, streamlined incident reporting, and rethinking the role of cyber-security officers on vessels. Companies like Maersk Line and Liberty Global Logistics offered detailed responses, suggesting improvements in clarity, efficiency, and alignment with existing programs to enhance cybersecurity posture without creating undue burdens.
Overall, the industry expresses concerns about the onerous nature of the new regulations, financial burdens, impractical timelines, and ultimate implementation challenges. The focus is on finding a balance between enhancing cybersecurity measures while ensuring feasibility and alignment with industry best practices.
