Captain’s Corner – Winter is Coming
As November begins, the winds of change are in the air for us, as well as our members, with the approach of winter and a new year hailing a time of reflection, introspection and evaluation. With this in mind, I spent several days in mid-October meeting with the other Executive Directors from MISNA, the group of Marine Exchanges from around the country whose job it is to track vessels along our respective waterfronts, and provide the community with sources of timely and accurate information.
I listened as we discussed business continuity plans, resiliency and a topic that keeps popping up and challenging our attention, no matter our business line: cybersecurity. I first heard about cybersecurity when I was with the Coast Guard. I thought of it as something that I’d have my IT wizards work on using resources brought down from Headquarters and the rest of the government. I figured it was a new front on which we could be attacked, so the solution was to have technical experts build a strong defense. As I sit in meetings with MISNA, the regional Area Maritime Security Committee, the Houston Ship Channel Security District and members, I realize that cybersecurity isn’t like a fence, where you build it and make slight repairs every so often. Rather it’s a part of culture like safety, security, or environmental compliance, where everybody has their own part to play and has to make constant changes to improve. When any employee can open the wrong email or download an infected file, it’s up to all of us to work together.
The thing is, as a small business, the Port Bureau doesn’t have the resources to develop a robust, enterprise-level cybersecurity program. But what I’ve learned is – we don’t have to. The Department of Homeland Security, the National Institute of Standards and Technology (NIST) and the US Computer Emergency Readiness Team (US-CERT) all have massive amounts of information, easy-to-use resources and helpful guides to help implement scalable solutions. From ensuring that our data is backed up and taking basic precautions like having robust passwords that rotate, to keeping employees vigilant to new threats, these resources are a great way to take the first steps necessary to protecting our business.
So in an effort to learn more, I’ve spent some time this month digging into the issues. In addition to port security specialists and members, I’ve spoken with my friend and colleague Marcus Woodring at the Port of Houston Authority who is appointed by the DHS secretary to represent Ports Authority on the National Maritime Security Advisory Committee (NMSAC). He’s come back with good information about how the Coast Guard is approaching a range of issues, from what constitutes Especially Hazardous Chemicals to what they’re looking to do on Cybersecurity.
What it looks like is this: by the beginning of 2017, the Coast Guard is going to start looking for public comments on cybersecurity. In the maritime realm, this will begin a process that can end in either a Notice of Proposed Rulemaking – the first step towards new regulation, or a Navigation and Vessel Inspection Circular (NVIC), which is the way that the Coast Guard provides guidance on how to meet an already-existing rule. Currently, Port Security Specialists and Coast Guard Officers across the country are taking the stance that even though the section of regulation that deals with facility security (33 CFR 105) doesn’t mention cyber, because cyber-incidents can lead to TSIs, they want to see that aspect addressed in your facility security assessment. This is a way to ensure that you are looking forward at a hazard that may affect your facility and those around you and dealing with it in an effective manner.
This kind of information is valuable and meeting with our members and partners across industry helps all of us as we continue through our individual planning processes. So as I look at what’s happened this year, and begin getting ready for next year, I realize that the first step to planning is staying informed. At the Port Bureau, we’re staying informed so that we can help our members meet next year’s challenges, and as always, our networking events mean that you can stay connected with friends and colleagues. Winter may be coming, but we’re going to be ready for it together.
- Date November 17, 2016
- Tags November 2016