Subscribe to our Mailing Lists (It's free!)
Friday, May 23, 2025
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    seafarer

    CMCF: 86% of employers report difficulty recruiting

    NTSB

    NTSB Investigation: Unattended helm leads to grounding

    containership Norway

    Norwegian man wakes up to grounded containership in his garden

    NCSR 12

    IMO NCSR 12: Key outcomes

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    Book Review: Building leaders the MMMA way

    Book Review: How to avoid a climate disaster

    mental health

    MOL takes step to enhance the mental health of its crew

    Book Review: Building leaders the MMMA way

    Book Review: The Art Of War

    relax

    In the calm lies the cure: Exploring the parasympathetic nervous system

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    Pacific Environment

    Pacific Environment: IMO’s carbon levy is a progress but more steps are needed

    Dutch-Canadian deal sees the establishment of green corridor

    Dutch-Canadian deal sees the establishment of green corridor

    US energy

    IGU World LNG Report: LNG trade grew by 2.4% in 2024

    estonia green retrofitting

    Estonia launches €25M grant to support green retrofitting of ships

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    cyber security

    CyberOwl raises alarm on phising and malware campaign

    Hong Kong

    Hong Kong launches smart port system for interconnectivity

    Port call optimization software gets nod by BV

    Port call optimization software gets nod by BV

    Cyberattacks

    Marlink: Stronger policy and user awareness against cyber threats

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    Malaysia

    Malaysia detains container ship for illegal anchoring

    estonia green retrofitting

    Estonia redirects maritime traffic following tanker detention by Russia

    PSC

    Black Sea MoU Annual Report: 4,587 inspections in 2024

    RISK4SEA unveils updated editions featuring worldwide data from the last 36M

    RISK4SEA unveils updated editions featuring worldwide data from the last 36M

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    Baltic Exchange

    Baltic Exchange: Maritime market highlights 19-23 May

    Trump tariffs

    Xeneta: How the tariffs truce impacts transpacific shipping

    ocean economy

    Sustainable ocean economy could create 51 million jobs by 2050

    shanghai port

    Study finds port emissions on the rise despite initiatives

  • Columns
    bulk carrier

    Practical tips on the use of bulk carriers for transporting general cargo

    enclosed space

    IOMSR: Why urgent action is needed to improve enclosed space safety

    soft skills

    Soft skills training and development: Bridging the competency gap on the human element

    Trending Tags

    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    seafarer

    CMCF: 86% of employers report difficulty recruiting

    NTSB

    NTSB Investigation: Unattended helm leads to grounding

    containership Norway

    Norwegian man wakes up to grounded containership in his garden

    NCSR 12

    IMO NCSR 12: Key outcomes

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    Book Review: Building leaders the MMMA way

    Book Review: How to avoid a climate disaster

    mental health

    MOL takes step to enhance the mental health of its crew

    Book Review: Building leaders the MMMA way

    Book Review: The Art Of War

    relax

    In the calm lies the cure: Exploring the parasympathetic nervous system

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    Pacific Environment

    Pacific Environment: IMO’s carbon levy is a progress but more steps are needed

    Dutch-Canadian deal sees the establishment of green corridor

    Dutch-Canadian deal sees the establishment of green corridor

    US energy

    IGU World LNG Report: LNG trade grew by 2.4% in 2024

    estonia green retrofitting

    Estonia launches €25M grant to support green retrofitting of ships

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    cyber security

    CyberOwl raises alarm on phising and malware campaign

    Hong Kong

    Hong Kong launches smart port system for interconnectivity

    Port call optimization software gets nod by BV

    Port call optimization software gets nod by BV

    Cyberattacks

    Marlink: Stronger policy and user awareness against cyber threats

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    Malaysia

    Malaysia detains container ship for illegal anchoring

    estonia green retrofitting

    Estonia redirects maritime traffic following tanker detention by Russia

    PSC

    Black Sea MoU Annual Report: 4,587 inspections in 2024

    RISK4SEA unveils updated editions featuring worldwide data from the last 36M

    RISK4SEA unveils updated editions featuring worldwide data from the last 36M

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    Baltic Exchange

    Baltic Exchange: Maritime market highlights 19-23 May

    Trump tariffs

    Xeneta: How the tariffs truce impacts transpacific shipping

    ocean economy

    Sustainable ocean economy could create 51 million jobs by 2050

    shanghai port

    Study finds port emissions on the rise despite initiatives

  • Columns
    bulk carrier

    Practical tips on the use of bulk carriers for transporting general cargo

    enclosed space

    IOMSR: Why urgent action is needed to improve enclosed space safety

    soft skills

    Soft skills training and development: Bridging the competency gap on the human element

    Trending Tags

    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

USCG: FAQ to address cyber risks

by The Editorial Team
May 10, 2022
in Cyber Security
SeaSense
FacebookTwitterEmailLinkedin

The US Coast Guard published a list of Frequently Asked Questions (FAQ) related to navigation and Vessel Inspection Circular (NVIC) 01-20, Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities.

Since October 1st, 2021, Maritime Transportation Security Act-regulated facilities have been incorporating cyber into their Facility Security Assessments (FSA) and Facility Security Plans (FSP) as part of their annual audit. Facilities still working on this aspect of their FSA and FSP should ensure that they are cognizant of their annual audit date, or engage in discussions with their local Captain of the Port to ensure the submissions are received prior to October 1st, 2022.

[smlsubform prepend=”GET THE SAFETY4SEA IN YOUR INBOX!” showname=false emailtxt=”” emailholder=”Enter your email address” showsubmit=true submittxt=”Submit” jsthanks=false thankyou=”Thank you for subscribing to our mailing list”]

RelatedNews

CyberOwl raises alarm on phising and malware campaign

CMCF: 86% of employers report difficulty recruiting

The Coast Guard previously published Navigation and Vessel Inspection Circular (NVIC) 01-20: Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities as voluntary guidance for complying with MTSA requirements for addressing cyber risks.  As part of that messaging, the Coast Guard published a Frequently Asked Questions (FAQ) document supporting the NVIC and cyber inclusion in FSPs.

As the Coast Guard continues to work with its Facility Inspectors in the field, as well as maritime industry stakeholders, we will continue to update these FAQs based on feedback.  In keeping with this goal, the Coast Guard announces the availability of updated FAQs

…says the Coast Guard.

Q: Is the Navigation and Vessel Inspection Circular (NVIC) 01-20 a new regulation or new requirement?

No. NVIC 01-20 is not a regulation. It is intended only to provide clarity regarding existing requirements under the law. It does not change any legal requirements, and does not impose new requirements on the public. This NVIC provides guidance to facility owners and operators in complying with the existing regulatory requirements to assess, document, and address computer system or network vulnerabilities.

Not all recommendations will apply to all facilities, depending on individual facility operations. Facility owners and operators may use a different approach than this NVIC recommends, if that approach satisfies the legal requirements.

EXPLORE MORE AT USCG’S CIRCULAR ON CYBER RISKS

Q: Are there approved standards or third parties that can help with training, education, etc.? 

While the Coast Guard does not maintain a list of recommended third parties to help with training and education, facilities are welcome to seek out third parties that are qualified and working independently to provide training, education, and other services regarding the assessment and implementation of cyber in the FSAs, FSPs, and Alternative Security Programs (ASPs), as well as general facility operations.

Additionally, there are numerous cybersecurity standards that may assist in incorporation of cybersecurity and cyber risk management into the FSA, FSP, and operations. Currently there is not a Coast Guard-approved list of cybersecurity standards, though the NIST Cybersecurity Framework is one example that has been widely utilized.

Q: Do MTSA facilities have to rewrite their FSP? 

No. If the FSA identifies a vulnerability to the computer system or network that is not already addressed in the FSP, the FSP needs to be amended to address that vulnerability and submitted to the Local Captain of the Port (COTPs) for review and approval. The Coast Guard will accept an annex, addendum, or other method identified by the facility owner/operator so long as the requirements within regulation are met. A complete rewrite is not necessary, unless the facility owner/operator prefers that approach.

Q: Does a form CG-6025 for Facility Vulnerability and Security Measures Summary need to be submitted? 

Yes. The requirements for submission of form CG-6025 remain unchanged in light of the incorporation of cyber into the FSA and FSP. In accordance with 33 Code of Federal Regulations Part 105.405(a)(18) and (c), the Facility Vulnerability and Security Measures Summary, Form CG-6025) is required.

Q: What is the deadline for updating FSA and FSPs to address computer systems and networks? 

The Coast Guard allowed a 1.5 year implementation period of the cybersecurity requirement, which ended on 09/30/2021. Facility owners and operators who already address cybersecurity in their FSAs and FSPs or ASPs should continue doing so, while considering whether the guidance in NVIC 01-20 can improve their ongoing practices. As of 10/01/2021, facilities are required to submit a cybersecurity FSA and FSP/ASP amendments or annexes by the facility’s annual audit date, based on the facility’s FSP/ASP approval date.

Captains of the Port still have the flexibility based on resource demands, or based upon request from a facility, to adjust when submissions are received, as long as all facility FSA and FSP/ASP submissions are received by the end of the one-year period, no later than 10/01/2022.

Q: A facility has incorporated cybersecurity into their FSA/FSP but the COTP has determined that cybersecurity is not adequately addressed. Should a discrepancy be issued to the facility? 

The implementation period should have provided industry time to evaluate and incorporate cybersecurity into their FSA and FSP. FSOs, Facility owners and operators should be engaged in discussion with their COTP to work towards acceptable documentation. Discrepancies are not recommended at this time, though the COTP ultimately has the responsibility to ensure the safety and security of the port.

As a reminder, FSA and FSP/ASP cyber annex/addendums need to be submitted by the facility’s annual audit date to COTPs but no later than 10/01/2022. After 10/1/2022, discrepancies will follow the same regulatory author as with physical security discrepancies.

Q: Why focus on this now? 

Per the National Cyber Strategy (September 2018), maritime cybersecurity is of particular concern because lost or delayed shipments can result in strategic economic disruptions and potential spillover effects on downstream industries and the supply chain.

Given the criticality of maritime transportation to the United States and global economy, the United States will move quickly to clarify maritime cybersecurity roles and responsibilities; promote and enhance mechanisms for international coordination and information sharing; and accelerate the development of next-generation cyber-resilient maritime infrastructure. To this end, the Coast Guard has worked closely with industry and other government agencies to provide guidance on complying with cybersecurity requirements for MTSA regulated facilities.

Since the 2018 National Cyber Strategy, the Coast Guard Cyber Strategic Outlook (CSO) was published in 2021, which involves three lines of effort to address cybersecurity issues:

#1 Defend and operate the enterprise mission platform,

#2 Protect the Marine Transportation and

#3 Operate in and through cyberspace.

Q: Does this NVIC address cybersecurity for vessels? 

No. This NVIC addresses cybersecurity for facilities. The Coast Guard is currently developing separate guidance to address cybersecurity on board vessels.

Q: What cyber training or resources does the Coast Guard recommend to Facility Security Officers (FSO) and other facility security personnel for implementation of NVIC 01-20?

At this time, there are no Coast Guard approved or recommended cyber training(s) for FSOs. FSOs and facility owner/operators are encouraged to seek out and build relationships within their company’s IT/technical staffs to continue bridging the cyber knowledge and awareness gaps and to further assist in identifying potential cyber vulnerabilities.

Q: What if a MTSA facility’s IT system is controlled remotely, such as at the corporate or enterprise level (not at the facility itself)? In this circumstance, how does the facility owner/operator or FSO adequately identify cyber vulnerabilities within their FSA, and then also address those vulnerabilities within their FSP? 

The facility owner/operator or FSO should determine who within their company is responsible for their IT network and systems. It is common, especially within larger organizations, for a facility’s IT systems be controlled and managed by an IT department at the corporate or enterprise level. Historically, IT staff/department may not have had significant engagement or interaction with FSOs or facility level operators/managers. However, this engagement is highly encouraged to adequately conduct the cyber portion of a facility’s FSA, and to address cyber vulnerabilities at a facility.

Once the FSO, facility owner/operator, and IT staff have jointly identified which vulnerabilities may impact a given facility, and at what level (corporate/enterprise, local, etc.), the FSO should then work with those IT individuals to determine how those vulnerabilities would then need to be addressed within the FSP cyber annex/addendum (in other words, conduct cyber portion of FSA/incorporate cyber into the FSA). For example, an FSO may determine with the assistance of the company’s IT personnel that certain IT policies or plans be included or referenced within the FSP to address known vulnerabilities.

VIEW MORE ON US COAST GUARD’S FAQ

USCG: FAQ to address cyber risksUSCG: FAQ to address cyber risks
USCG: FAQ to address cyber risksUSCG: FAQ to address cyber risks
Tags: cyber securityFAQsmaritime securityreportsUSCG
Previous Post

How ESG affects shipping: Key challenges

Next Post

5 ways that ships threaten marine ecosystems

Related News

US energy
Fuels

IGU World LNG Report: LNG trade grew by 2.4% in 2024

May 23, 2025
shanghai port
Emissions

Study finds port emissions on the rise despite initiatives

May 23, 2025
Britannia Club
Alerts

Britannia Club: Stowaway incidents remain high

May 22, 2025
un maritime security
Security

UN Sec-Gen: Without maritime security, there can be no global security

May 22, 2025
Safer Seas Digest
Accidents

NTSB: Safer Seas Digest 2024

May 22, 2025
Cyberattacks
Cyber Security

Marlink: Stronger policy and user awareness against cyber threats

May 21, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Explore more

No Result
View All Result
MARITIME EVENTS

Explore

  • Safety
  • SEAFiT
  • Green
  • Smart
  • Risk
  • Others
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Content Marketing
  • Contact

© 2025 SAFETY4SEA

No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA

Manage your privacy
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show (non-) personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA