As informed, the NIST Cybersecurity Framework was developed in 2014 to address cybersecurity risk in a cost-effective way, based on business needs and without placing additional regulatory requirements on businesses. These profiles reflect how organizations align the NIST framework’s cybersecurity activities, outcomes, and informative references to organizational business requirements, risk tolerances, and resources. They outline a desired minimum state of cybersecurity and cyber risk management, and provide the opportunity to plan for future business decisions.
These two new profiles follow the November 2016 release of the Maritime Bulk Liquid Transfer cybersecurity framework profile, a voluntary cyber risk assessment tool developed in conjunction with the NIST as well as industry stakeholders. The series of industry profiles are the first of their kind for the marine transportation system sector, and they are the result of the coordination between the USCG Office of Port and Facility Compliance, the NIST’s National Cybersecurity Center of Excellence (NCCoE), key industry stakeholders, and trade associations.
One of the primary focuses of the Coast Guard and NCCoE during the development of these profiles was to ensure they were industry-focused and leveraged existing standards and recommended practices.
“The cybersecurity framework profiles are designed to assist organizations in assessing cyber risks, and offer guidance on how to allocate limited resources in order to improve their cyber resiliency. The Coast Guard hopes these profiles will assist organizations in answering these questions and help with mitigating concerns,” said Lt. Cmdr. Brandon Link, a marine safety expert in the Critical Infrastructure Branch within the Coast Guard’s Office of Port and Facility Compliance.
The Coast Guard anticipates working with the NCCoE on at least one additional profile addressing navigation and automated systems onboard vessels as well as facilities.