Cyber Regulations: In March of 2020, the Coast Guard released Navigation and Vessel Inspection Circular (NVIC) 01-20 titled “Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities”. This NVIC clarifies the existing Maritime Transportation Security Act (MTSA) requirements related to computer system and network vulnerabilities of MTSA-regulated facilities. It provides owners and operators of facilities with guidance on how to analyze these vulnerabilities in their required Facility Security Assessment (FSA) and address them in the Facility Security Plan (FSP).During Fiscal Year 2022, MTSA regulated facilities are reminded they shall implement cybersecurity amendments into their FSAs and FSPs during their annual audit date. The Captain of the Port (COTP) may adjust when submissions are received based on resource demands or upon request from a facility, as long as all facility FSA and FSP submissions are received no later than October 1, 2022. Commandant (CG-FAC) will maintain review and approval responsibilities for Alternative Security Plans. Although the MTSA regulations in 33 CFR parts 105 and 106 are mandatory, it is up to each facility to determine how to identify, assess, and address the vulnerabilities of their computer systems and networks. NVIC 01-20 and the NVIC 01-20 Frequently Asked Questions contain helpful methods to enable facilities to comply with its provisions. Currently there is no Coast Guard approved list of cybersecurity standards. Per NVIC 01-20, Section 3.b, the Coast Guard encourages owners and operators to apply the standards of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the NIST Special Publication 800-82 to improve a facility’s cyber posture.Cyber FSP amendments may be submitted via mail or email to:
1) Sector New Orleans: U.S. Coast Guard, 200 Hendee St., New Orleans, LA 70114, Attn: Facility Compliance Branch or: FacilitiesNOLA@uscg.mil.
2) MSU Baton Rouge: 6041 Crestmount Dr. Baton Rouge, LA 70809 or: D08-SG-MSUBatonRouge-Respone-Facilities@uscg.mil
Email: Security Plan Amendments are Sensitive Security Information and shall be sent encrypted with the password sent separately in accordance with 49 CFR 1520.
Cyber Support: The Coast Guard’s Maritime Cyber Readiness Branch, Cyber Protection Teams (CPT) consist of cybersecurity professionals who are trained and certified in delivering the four core CPT services: Assess, Hunt, Clear, and Harden. MTSA Facilities are encouraged to familiarize themselves with CPT capabilities and contact the CPT directly at maritimecyber@uscg.mil to discuss service details and what CPT can do for your organization. While request are prioritized based on time, nature, and criticality, services can be done onsite or remotely at no cost to the facility.
The Cybersecurity and Infrastructure Security Agency (CISA) strengthens the security and resilience of cyberspace, an important homeland security mission. CISA offers a wide array of various no-cost and cost services through their online catalog. The catalog is interactive, allowing users to filter quickly and hone in on applicable services.
Cyber Reporting: All facilities are reminded to follow the reporting requirements outlined in 33 CFR 101.305 and in CG-5P Policy Letter No. 08-16 to notify the COTP and the National Response Center (NRC) of any cyber related suspicious activities and breaches of security. The NRC can be contacted at 800-424-8802.
For further questions or information, please contact Sector New Orleans Facility Compliance Branch: (504) 329-2370 or MSU Baton Rouge: (225) 298-5400.
