Transfer of hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles has become a greater concern than usual since the process has become more reliant on computer systems.
When you look at valves and pumps connected to computer systems, that means they are increasingly online, which can add up to an environment vulnerable to attackers.
Knowing that, there is a new voluntary cybersecurity guide for the maritime bulk liquid transfer industry.
Maritime bulk liquid transfer processes are part of a complex and sophisticated supply chain of the oil and natural gas industry that brings together various types of organizations and systems.
The United States Coast Guard (USCG) and industry leaders joined with the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), to develop a profile to help those organizations assess their cybersecurity risk.
The document is the first in a series of planned profiles that will help maritime industry organizations make the most of the voluntary Framework for Improving Critical Infrastructure Cybersecurity, published by NIST in February 2014. The profile pulls into one document recommended cybersecurity safeguards to provide a starting point for organizations to review and adapt their risk management processes, and it describes a desired minimum state of cybersecurity.
“Organizations working in this critical mission area can leverage the profile to develop a plan to reach their desired state of cybersecurity,” said Don Tobin, NIST senior security engineer.
The profile helps those involved in overseeing, developing, implementing and managing the cybersecurity components of maritime bulk liquid transfer. This includes operations executives, risk managers, cybersecurity professionals and vessel operators. It recognizes a need for security controls on operational technologies such as storage, transfer, pressure and vapor monitoring, emergency response and spill mitigation systems.
The profile provides guidance on appropriate security controls for information technology to reliably support these increasingly connected processes, as well as traditional ones such as human resources, training and business communication.
“These facilities face inherent cybersecurity vulnerabilities and the U.S. Coast Guard hopes this profile will assist organizations with mitigating them, and provide a long-term process for developing an internal cyber risk management program,” said Lt. Josephine Long, a marine safety expert in the Critical Infrastructure Branch within the USCG’s Office of Port & Facility Compliance.
Click here to download the Maritime Bulk Liquid Transfer Cybersecurity Framework Profile.