Cybersecurity Updates
International Liquid Terminals Association
  • Join
News & ResourcesNewsletter

Newsletter

A respected industry publication for ILTA members, this monthly newsletter highlights legislative and regulatory activities affecting terminal facilities. It also provides news on recent business development within the terminal industry, including new construction, expansions, acquisitions and additions to ILTA's membership, as well as important information about ILTA's committee meetings, conferences and training events. ILTA also offers ILTA News Plus to members. This publication, sent on weeks that ILTA News is not published, aggregates industry and member news.

Not a member? Join ILTA today and stay up-to-date withILTA News and ILTA News Plus.
Michael Stroud
/ Categories: ILTA News Articles

Cybersecurity Updates

There are two cybersecurity updates.

#1- Development of Comments to Cybersecurity Strategy

First, for ILTA Members, the Office of the National Cyber Director (ONCD) is developing the Biden Administration’s National Cybersecurity Strategy and the Oil and Natural Gas Sector Coordinating Council (ONG SCC) leadership is facilitating the collection of comments on behalf of the ONG SCC.  The cybersecurity strategy will nest within and complement the soon-to-be released National Security Strategy. As the ONCD develops the cybersecurity strategy, the Sector Coordinating Councils (SCCs) were invited to provide perspectives, either as a consensus under the Critical Infrastructure Protection Advisory Council (CIPAC) structure or as individual SCC members, on the following topics:

  • How the government and industry can better work together and collaborate on cybersecurity challenges;
  • The roles, mission, integration, and vision of the various government collaborations centers, such as the Joint Cyber Defense Collaborative (JCDC) and sector-specific collaboration centers;
  • How the government can most helpfully and productively engage in cybersecurity regulation and regulation harmonization;
  • Any legal or policy impediments to greater public private collaboration; and
  • Any other topics that the National Cybersecurity Strategy should address.

 

The ONG SCC leadership collected industry comments and will continue to accept any information from stakeholders until Monday, July 11.  Additionally, the National Security Council has also offered to meet virtually with the SCCs to discuss these questions and receive individual viewpoints and perspectives from participants, and not as a consensus, through July 15, 2022.  Please let ILTA staff, Michael Stroud, know if you have any questions or would like to meet with ONCD about the National Cybersecurity Strategy and ILTA can work to arrange a meeting.

#2- Development of DHS and NIST Common Baselines for Cybersecurity for Critical Infrastructure Continue

Second, the ONG SCC is also working with the CIPAC to coordinate cross-sector Common Baseline goals and objectives for cybersecurity to protect critical infrastructure. The CIPAC started its work in fall 2021, with several meetings in early 2022. The ongoing ONG SCC is working to provide insights from ILTA Members and other sector stakeholders to help inform the Common Baseline.

In July 2021, the U.S. Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST) were tasked with developing the preliminary cybersecurity performance goals that will drive adoption of effective practices and controls.

CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories as the foundation for preliminary control system cybersecurity performance goals. Each of the nine goals includes specific objectives that support the deployment and operation of secure control systems that are further organized into baseline and enhanced objectives.  These goals represent high-level cybersecurity best practices.  They are:

Risk Management and Cybersecurity Governance

Architecture and Design

Configuration and Change Management

Physical Security

System and Data Integrity, Availability, and Confidentiality

Continuous Monitoring and Vulnerability Management

Training and Awareness

Incident Response and Recovery

Supply Chain Risk Management

 

As part of the continued DHS performance goals process DHS has passed along the “Controls List” document represents the substantive core of the Common Baseline. Also DHS circulated a “review guidance” document, that provides guiding questions to consider as you review the mitigation and goals list as well as an FAQ document. CISA will provide a second package of ancillary content (including introductory content and glossaries) in July.

DHS CISA has set a deadline of August 10, 2022 for submission of feedback and has asked for the Sector Risk Management Agencies (SRMA) to consolidate all input and feedback into a single submission. To allow for compilation of feedback, the ONG SCC has requested that ILTA Members please submit your comments in the attached comment form to Michael Stroud, with ILTA, no later than COB  Wednesday, August 3th.

In addition to this review process, CISA will hold three workshops for industry to provide feedback. The goals of these workshops are to ensure that partners have a robust understanding of the purpose and updated content of the Common Baseline mitigation and goal list and to answer any questions. 
 

The workshops are on the following dates, with registration details forthcoming. The public workshop will be publicized via public outreach channels.

•             July 13, 2022 (open to sector and cross-sector partners) 

•             July 20, 2022 (open to the public)

•             July 25, 2022 (open to sector and cross-sector partners
 

Please let Michael Stroud know if you have any questions.

 

 

 

 

 

 

 

Previous Article ILTA Supports Coast Guard Foundation at Annual D.C. Gala
Next Article PFAS Federal, State Policy Update
Print
438 Rate this article:
No rating
Please login or register to post comments.
International Liquid Terminals Association
  • Join