The Coast Guard published a notice (78 FR 16699-16700)
in Monday’s Federal Register (available on-line today) about the upcoming
meeting of the National Maritime Security Advisory Committee (NMSAC) on April 2nd
and 3rd, 2013 in Washington, DC.
NOTE: Normally I would have provided a link to the
organization in the paragraph above but the NMSAC
web site is so out-of-date that it has to be the worst US government
website that I have ever seen. The most recent entry is a link to the minutes
from their May 4th, 2009 meeting. SHAME
The Meeting
The agenda for the meeting includes:
Cyber Security
Executive Order: “NMSAC will be engaged to discuss and hear public comment
on the Executive Order and begin initial work in developing a framework for the
maritime community.”
Presidential Policy
Directive-21: “NMSAC will be engaged to discuss and hear public comment
on PPD-21 and its impacts on the maritime
community.”
Maritime Domain
Awareness and Information Sharing: Briefing and discussion.
National Suspicious
Activity Reporting Initiative (NSI): Briefing and discussion.
Radiation Portal
Monitoring: Continue discussion.
Port Security Grant
Program: Discussion and develop recommendations.
Public participation is encouraged. The Coast Guard is not
only making this available for physical attendees (registration required),
but also via phone
and web. Written comments on the agenda topics may be submitted via the
Federal eRulemaking Portal (www.Regulations.gov;
Docket# USCG-2012-0797). Comments should
be submitted by March 29th, 2013. A period for public oral comments
will be held at the end of each day; commenters should register with Ryan
Owens, Alternate Designated Federal Official (ADFO) of NMSAC (ryan.f.owens@uscg.mil).
Cybersecurity
Framework
The notice is a little misleading, neither the Coast Guard
nor NMSAC has been tasked with developing a cybersecurity framework for the
maritime community. NIST is responsible for the development of the
cybersecurity framework {EO 16336,
§7(a)} DHS through NPPD (according
to a recent MOU) is going to be providing advice to NIST about critical
infrastructure issues. Presumably (ah, hopefully) the Coast Guard will also be
providing input to NIST about unique maritime cybersecurity issues.
The Coast Guard, on the other hand, will be responsible for
the implementation of the Cybersecurity Framework. A reminder here that though,
in general, the implementation is voluntary, §10(a) of the EO does require
that:
“Agencies with responsibility for
regulating the security of critical infrastructure shall engage in a
consultative process with DHS, OMB, and the National Security Staff to review
the preliminary Cybersecurity Framework and determine if current cybersecurity
regulatory requirements are sufficient given current and projected risks.”
Then they are required to report to the President if they
have “clear authority to establish requirements based upon the Cybersecurity
Framework to sufficiently address current and projected cyber risks to critical
infrastructure, the existing authorities identified, and any additional
authority required”. The MTSA rules probably provide sufficient authority to
require implementation of the Framework.
It will be interesting to see what comes of this discussion.
Of course it may be some time (if ever) before it appears on the NMSAC web
site, but I will be watching the blog posts on that meeting from John C.W. Bennet.
Posts
No comments:
Post a Comment