April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

New Cybersecurity Framework “Profile” to Help Ensure Safe Transfer of Hazardous Liquids at Ports

The U.S. Coast Guard (USCG) oversees approximately 800 waterfront facilities that, among other activities, transfer hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles. These “maritime bulk liquid transfers” increasingly rely on computers to operate valves and pumps, monitor sensors and perform many other vital safety and security functions. This makes the whole system more vulnerable to cybersecurity issues ranging from malware to human error, and is the reason behind a new voluntary cybersecurity guide for the industry.

Maritime bulk liquid transfer processes are part of a complex and sophisticated supply chain of the oil and natural gas industry that brings together various types of organizations and systems. The USCG and industry representatives joined with the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), to develop a profile to help those organizations assess their cybersecurity risk (link is external).

The document is the first in a series of planned profiles that will help maritime industry organizations make the most of the voluntary Framework for Improving Critical Infrastructure Cybersecurity, published by NIST in February 2014. The profile pulls into one document recommended cybersecurity safeguards to provide a starting point for organizations to review and adapt their risk management processes, and it describes a desired minimum state of cybersecurity.

“Working with the U.S. Coast Guard to engage the oil and natural gas industry in creating this profile is a prime example of the collaboration that takes place at the NCCoE,” said Don Tobin, NIST senior security engineer. “Organizations working in this critical mission area can leverage the profile to develop a plan to reach their desired state of cybersecurity.”

The profile is aimed at those involved in overseeing, developing, implementing and managing the cybersecurity components of maritime bulk liquid transfer. This includes operations executives, risk managers, cybersecurity professionals and vessel operators. It recognizes a need for security controls on operational technologies such as storage, transfer, pressure and vapor monitoring, emergency response and spill mitigation systems. The profile provides guidance on appropriate security controls for information technology to reliably support these increasingly connected processes, as well as traditional ones such as human resources, training and business communication.

“These facilities face inherent cybersecurity vulnerabilities and the U.S. Coast Guard hopes this profile will assist organizations with mitigating them, and provide a long-term process for developing an internal cyber risk management program,” said Lt. Josephine Long, a marine safety expert in the Critical Infrastructure Branch within the USCG’s Office of Port & Facility Compliance.
 
The profile can help individual companies clarify how cybersecurity fits into their mission priorities and how best to allocate resources to secure their information and operational systems. Benefits also include improved understanding of the environment to foster consistent analysis of cybersecurity risks, and alignment of industry and USCG cybersecurity priorities.

According to Long, the USCG plans to work with the NCCoE to build additional profiles that will cover mobile offshore drilling operations, passenger vessel and terminal operations.
The NCCoE works with industry, academia and other government agencies to address real-world cybersecurity problems with existing technology.

The Maritime Bulk Liquid Transfer Cybersecurity Framework Profile (link is external) is available on the USCG website, and more information is available in a blog post (link is external) on Maritime Commons (link is external).

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...