Friday, February 23, 2024

Review - CG Marine Cybersecurity NPRM – Cybersecurity Officer

Yesterday, the CG published a notice of proposed rulemaking for “Cybersecurity in the Marine Transportation System”. The proposed regulations would update the maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations. This is the second in a series of posts about the provisions of that rule.

Owner Responsibilities

Section 106.620 provides that the owner-operator of any covered vessel or facility has primary responsibility for the implementation of the requirements of this new Subpart F. One of the enumerated responsibilities §106.620(b) is the requirement to designate in writing the Cybersecurity Officer for each covered vessel of facility. Subparagraph (b)(3) requires that the CySO be “accessible to the Coast Guard 24 hours a day, 7 days a week”. It also requires that the appointment document specify how the CG can contact the CySO.

Cybersecurity Officer

Section 106.625 spells out the requirements and responsibilities of the Cybersecurity Officer. In the preamble to the rule, the CG notes that there is broad latitude on who may be appointed to this role. Paragraph (d) specifies the specific responsibilities of the CySO for ‘each vessel, facility, or OCS facility for which they are designated’. Paragraph (e) outlines the qualifications for Cybersecurity Officers.


For more details about the requirements for the Cybersecurity Office, see my article CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */