Saturday, March 16, 2013

Coast Guard Announces NMSAC Meeting – 4-2-13

The Coast Guard published a notice (78 FR 16699-16700) in Monday’s Federal Register (available on-line today) about the upcoming meeting of the National Maritime Security Advisory Committee (NMSAC) on April 2nd and 3rd, 2013 in Washington, DC.

NOTE: Normally I would have provided a link to the organization in the paragraph above but the NMSAC web site is so out-of-date that it has to be the worst US government website that I have ever seen. The most recent entry is a link to the minutes from their May 4th, 2009 meeting. SHAME

The Meeting

The agenda for the meeting includes:

Cyber Security Executive Order: “NMSAC will be engaged to discuss and hear public comment on the Executive Order and begin initial work in developing a framework for the maritime community.”
Presidential Policy Directive-21: “NMSAC will be engaged to discuss and hear public comment
on PPD-21 and its impacts on the maritime community.”
Radiation Portal Monitoring: Continue discussion.
Port Security Grant Program: Discussion and develop recommendations.

Public participation is encouraged. The Coast Guard is not only making this available for physical attendees (registration required), but also via phone and web. Written comments on the agenda topics may be submitted via the Federal eRulemaking Portal (; Docket#  USCG-2012-0797). Comments should be submitted by March 29th, 2013. A period for public oral comments will be held at the end of each day; commenters should register with Ryan Owens, Alternate Designated Federal Official (ADFO) of NMSAC (

Cybersecurity Framework

The notice is a little misleading, neither the Coast Guard nor NMSAC has been tasked with developing a cybersecurity framework for the maritime community. NIST is responsible for the development of the cybersecurity framework {EO 16336, §7(a)} DHS through NPPD (according to a recent MOU) is going to be providing advice to NIST about critical infrastructure issues. Presumably (ah, hopefully) the Coast Guard will also be providing input to NIST about unique maritime cybersecurity issues.

The Coast Guard, on the other hand, will be responsible for the implementation of the Cybersecurity Framework. A reminder here that though, in general, the implementation is voluntary, §10(a) of the EO does require that:

“Agencies with responsibility for regulating the security of critical infrastructure shall engage in a consultative process with DHS, OMB, and the National Security Staff to review the preliminary Cybersecurity Framework and determine if current cybersecurity regulatory requirements are sufficient given current and projected risks.”

Then they are required to report to the President if they have “clear authority to establish requirements based upon the Cybersecurity Framework to sufficiently address current and projected cyber risks to critical infrastructure, the existing authorities identified, and any additional authority required”. The MTSA rules probably provide sufficient authority to require implementation of the Framework.

It will be interesting to see what comes of this discussion. Of course it may be some time (if ever) before it appears on the NMSAC web site, but I will be watching the blog posts on that meeting from John C.W. Bennet.

No comments:

/* Use this with templates/template-twocol.html */