USCG updates cyber compliance timeline for non-SMS vessels

The United Sates Coast Guard (USCG) has updated its cyber rules to include a compliance timeline and inspection process for Non Safety Management System vessels, with a deadline at the end of this year.

The Coast Guard Office of Commercial Vessel Compliance updated its Vessel Cyber Risk Management Work Instruction with the new timeline, which applies to ships that do not require Safety Management Systems subject to the Marine Transportation Safety Act of 2002.

These vessels are required to address cybersecurity vulnerabilities within their Vessel Security Assessment no later than December 31, 2021, USCG says.

The document highlights the basic questions to be asked by Marine Inspectors during Maritime Transportation Security Act (MTSA) verification procedures, the first of which is to query whether the ship’s Vessel Security Plan (VSP) addresses measures taken to address cybersecurity vulnerabilities and whether those measures are now in place.

If those measures have not been highlighted in the plan and put into practice the issue may be escalated with the designated Company Security Officer, and could result in a ‘Security Violation’ deficiency being recorded.

Inspectors may also ask for a report of any cybersecurity events experienced by the vessel within the past 12 months, examples of which are listed in the guidance note.

These include intrusions into communications equipment, computer, and networked systems linked to security plan functions (e.g., access control, cargo control, monitoring), unauthorised root or administrator access to security and industrial control systems, successful phishing attempts or malicious insider activity that could allow outside entities access to internal IT systems.

Details of any instances of viruses, Trojan Horses or “other malicious software that have a widespread impact or adversely affect one or more on-site mission critical servers that are linked to security plan functions” can also be requested.

The full updated USCG document is available here.

Share this story

About the Author

Picture of Rob O'Dwyer
Rob O'Dwyer

Rob is Chief Network Officer and one of the founders of Smart Maritime Network. He also serves as Chairman of the Smart Maritime Council. Rob has worked in the maritime technology sector since 2005, managing editorial for a range of leading publications in the transport and logistics sector. Get in touch by email by clicking here, or on LinkedIn by clicking here.

Further Reading

News Archive