[Federal Register Volume 79, Number 239 (Friday, December 12, 2014)]
[Notices]
[Pages 73896-73897]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-29205]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Coast Guard

[Docket No. USCG-2014-1020]


Guidance on Maritime Cybersecurity Standards

AGENCY: Coast Guard, DHS.

ACTION: Notice of public meeting and request for comments.

-----------------------------------------------------------------------

SUMMARY: The U.S. Coast Guard announces a public meeting to be held in 
Washington, DC, to receive comments on the development of cybersecurity 
assessment methods for vessels and facilities regulated by the Coast 
Guard. This meeting will provide an opportunity for the public to 
comment on development of security assessment methods that assist 
vessel and facility owners and operators identify and address 
cybersecurity vulnerabilities that could cause or contribute to a 
Transportation Security Incident. The Coast Guard will consider these 
public comments in developing relevant guidance, which may include 
standards, guidelines, and best practices to protect maritime critical 
infrastructure.

DATES: The meeting will be held on Thursday, January 15, 2015 from 9:00 
a.m. to 12:00 p.m. The deadline to reserve a seat is Monday, January 5, 
2015. All written comments and related material must either be 
submitted to the online docket via http://www.regulations.gov on or 
before January 29, 2015 or reach the Docket Management Facility by that 
date.

ADDRESSES: The public meeting will be held at the Department of 
Transportation Headquarters, Oklahoma Room, 1200 New Jersey Avenue SE., 
Washington, DC 20590; the building telephone number is 202-366-1035. 
The building is accessible by taxi, public transit, and privately-owned 
conveyance. However, public parking in the vicinity of the building is 
extremely limited. Meeting participants are encouraged to use mass 
transit.
    Seating is limited, so please reserve a seat as soon as possible, 
but no later than January 5, 2015. To reserve a seat, please email 
[email protected] with the participant's first and last name 
for all U.S. Citizens, and additionally, official title, date of birth, 
country of citizenship, and passport number with expiration date for 
non-U.S. Citizens. To gain entrance to the Department of Transportation 
Headquarters building, all meeting participants must present 
government-issued photo identification (e.g., state-issued driver's 
license). If a visitor does not have a photo ID, that person will not 
be permitted to enter the facility. All visitors and any items brought 
into the facility will be required to go through security screening 
each time they enter the building.
    The Coast Guard will provide a live video feed of the meeting. To 
access the video feed, email a request to LT Josephine Long at 
[email protected] no later than January 13, 2015.
    The docket for this notice is available for inspection or copying 
at the Docket Management Facility (M-30, U.S. Department of 
Transportation, West Building Ground Floor, Room W12-140, 1200 New 
Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m., 
Monday through Friday, except Federal holidays. You may also find this 
docket on the Internet by going to http://www.regulations.gov, entering 
USCG-2014-1020 in the search box and following the instructions.
    Written comments may also be submitted in response to this notice. 
All written comments and related material submitted before or after the 
meeting must either be submitted to the online docket via http://www.regulations.gov on or before January 29, 2015 or reach the Docket 
Management Facility by that date. You may submit written comments 
identified by docket number USCG-2014-1020 before or after the meeting 
using any one of the following methods:
    (1) Federal eRulemaking Portal: http://www.regulations.gov.
    (2) Fax: 202-372-1990.
    (3) Mail: Docket Management Facility (M-30), U.S. Department of 
Transportation, West Building Ground Floor, Room W12-140, 1200 New 
Jersey Avenue SE., Washington, DC 20590-0001.
    (4) Hand delivery: Same as mail address above, between 9 a.m. and 5 
p.m., Monday through Friday, except Federal holidays. The telephone 
number is 202-366-9329.
    To avoid duplication, please use only one of these four methods.
    The Coast Guard will post a video recording and written summary of 
the meeting to the docket.

FOR FURTHER INFORMATION CONTACT: If there are questions concerning this 
meeting, please call or email LT Josephine Long, Coast Guard at 202-
372-1109 or via email at [email protected] or LCDR Joshua Rose, 
Coast Guard; at 202-372-1106 or via email at [email protected]. If 
there are questions on viewing or submitting material to the docket, 
call Ms. Cheryl Collins, Program Manager, Docket Operations, telephone 
202-366-9826.

SUPPLEMENTARY INFORMATION:

Background and Purpose

    On February 12, 2013, the President signed Executive Order (E.O.) 
13636 ``Improving Critical Infrastructure Cybersecurity.'' The E.O. 
provided the national approach to protecting critical infrastructure 
cybersecurity and directed federal agencies to assess cyber risk to 
critical infrastructure. Pursuant to E.O. 13636, the National Institute 
of Standards and Technology (NIST) developed a voluntary Preliminary 
Cybersecurity Framework,\1\ followed by the February 12, 2014 
publication of a Framework for Improving Critical Infrastructure 
Cybersecurity \2\ (Cybersecurity Framework). The Cybersecurity 
Framework serves to help industry stakeholders reduce their cyber risk 
and vulnerabilities. The Coast Guard encourages vessel and facility 
owners and operators to adopt the Cybersecurity Framework voluntarily 
to achieve a minimum standard of cybersecurity protection.
---------------------------------------------------------------------------

    \1\ The Preliminary Cybersecurity Framework is available for 
viewing online at http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf.
    \2\ The Framework for Improving Critical Infrastructure 
Cybersecurity is available for viewing online at http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf.
---------------------------------------------------------------------------

    Section 7(d) of E.O. 13636 states that in developing the 
Cybersecurity Framework, the Director of NIST ``shall engage in an open 
public review and comment process'' and consult with stakeholders 
including owners and operators of critical infrastructure.

[[Page 73897]]

Similarly, the Coast Guard will host this public meeting to engage the 
public and obtain comments to assist in the drafting of procedures to 
enable operators of vessels and facilities regulated pursuant to the 
Maritime Transportation Security Act of 2002 (MTSA) to identify and 
address cybersecurity risks that could result in a Transportation 
Security Incident (TSI).\3\ This may include standards, guidelines, and 
best practices to protect maritime critical infrastructure. The meeting 
will include the following topics:
---------------------------------------------------------------------------

    \3\ A Transportation Security Incident is defined in 33 CFR 
101.105 to mean a security incident resulting in a significant loss 
of life, environmental damage, transportation system disruption, or 
economic disruption in a particular area.
---------------------------------------------------------------------------

    (1) Identify: What cyber dependent systems perform vital functions 
that are addressed in MTSA requirements, such as access control, cargo 
control, and communications?
    (2) Protect: What standards are suitable to ensure the integrity of 
these systems?
    (3) Detect: What procedures are available to owners and operators 
to detect cyber intrusions that could compromise the integrity of vital 
systems or contribute to a TSI?
    (4) Respond: What response and notification procedures can minimize 
the consequences of cyber events?
    (5) Recover: What procedures can owners and operators take to 
promote rapid maritime transportation system recovery after a cyber 
incident?
    In addition to the topics outlined above, the Coast Guard is 
posting several supplemental documents to the online docket for this 
notice. The supplemental documents provide additional background 
information that may be useful for the public to consider in 
formulating comments. We encourage individuals interested in 
participating in the public meeting and/or submitting comments to the 
docket to review the supplemental documents. To view the supplemental 
documents and other documents mentioned in this notice as available in 
the docket, please follow the instructions described above in the 
ADDRESSES section. If you do not have access to the Internet, you may 
view the docket online by visiting the Docket Management Facility in 
Room W12-140 on the ground floor of the Department of Transportation 
West Building, 1200 New Jersey Avenue SE., Washington, DC 20590, 
between 9 a.m. and 5 p.m., Monday through Friday, except Federal 
holidays. The Coast Guard has an agreement with the Department of 
Transportation to use the Docket Management Facility.
    The Coast Guard encourages the public to participate by submitting 
comments either in person at the meeting or in writing. The public may 
submit written comments to Coast Guard personnel at the meeting. The 
Coast Guard will post these comments to the online public docket. All 
comments received will be posted without change to http://www.regulations.gov and will include any personal information you have 
provided.

Privacy Act

    Anyone can search the electronic form of comments received into any 
of the dockets by the name of the individual submitting the comment (or 
signing the comment, if submitted on behalf of an association, 
business, labor union, etc.). There is a Privacy Act notice regarding 
the public dockets for review in the January 17, 2008, issue of the 
Federal Register (73 FR 3316).

Information on Services for Individuals With Disabilities

    For information on facilities or services for individuals with 
disabilities or to request special assistance at the public meeting, 
contact LT Josephine Long at the telephone number or email address 
indicated under the FOR FURTHER INFORMATION CONTACT section of this 
notice.

Authority

    This notice is issued under the authority of 5 U.S.C. 552(a).

    Dated: December 3, 2014.
 Andrew Tucci,
Chief, Office of Port & Facility Compliance, U.S. Coast Guard.
[FR Doc. 2014-29205 Filed 12-11-14; 8:45 am]
BILLING CODE 9110-04-P