International Liquid Terminals Association > Advocacy > Issues and Policy > Cybersecurity
International Liquid Terminals Association
  • Join
AdvocacyIssues and PolicyCybersecurity

Cybersecurity

27_Cybersecurity_262x255 Identifying, understanding and managing risks are a necessary core competency for any organization. Companies are increasingly facing new exposures, and cyber risks are now a major threat to businesses. A cyber incident can have significant financial, operational, legal and reputational impacts.

Federal regulation and oversight of cybersecurity is expanding rapidly, and terminal companies are continuously examining how they protect their most important assets, their critical intellectual property and sensitive customer information. This includes identifying threats to and protecting traditional information technology systems and operational technologies involved in the management of facilities and processes.

Coast Guard Guidelines for Addressing Cyber Risks

In July 2017, the U.S. Coast Guard issued a draft Navigation and Vessel Inspection Circular (NVIC) 05-17: Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities. Specifically, it directs MTSA-regulated facilities to assess cyber risks and address vulnerabilities in facility security plans and provides guidance for developing a cyber risk management program based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST Special Publication 800-82. In September 2017, ILTA provided comments to the Coast Guard stating that cybersecurity requirements should be focused on facility functions with a nexus to maritime transportation, the agency must clarify its expectations for implementation of cybersecurity controls, many of the requirements included in the guidelines are in fact regulatory and require notice and comment rulemaking, cybersecurity is often not managed at a facility but rather at a far distance and it must be clear how facility security plans should address that circumstance, and, finally, that the Coast Guard must provide adequate training and direction to its district personnel to ensure consistent application of the guidelines. The final NVIC is expected to be released sometime in 2020.