On August 7, 2017, the U.S. Coast Guard ("USCG") Office of Port and Facility Compliance released a "Content Preview of the Passenger Operation Cybersecurity Framework Profile" ("the Preview"). The Preview sets out and describes 13 mission objectives with respect to passenger vessels focusing on issues such as human, marine and environmental safety; guest/hotel services and experiences; regulatory compliance; passenger information and accounting systems; supply chains; port turnarounds and operations; communications; life cycle asset management; and back office (non-guest-facing) systems.
The Preview sets out to apply the National Institute of Standards and Technology's (NIST) Cybersecurity Framework ("the Framework") to those mission objectives. This application breaks the Framework down further into a variety of subcategories assigning each relevant subcategory a priority within the context of the 13 passenger vessel objectives.
The Preview focuses heavily on the first three categories of the Framework – Identify, Protect and Detect. For example, the Preview prioritizes securing communications through evaluating and monitoring threats, protecting data and access to systems, and developing appropriate risk responses. Similarly, the Preview proposes to coordinate pertinent port operations through evaluation of organizational roles and critical services, protecting access to information, assets and networks, as well as developing and practicing response plans. In its entirety, the Preview covers a broad range of categories and subcategories pertinent to cybersecurity issues affecting passenger vessels which can be found in the full document here.
The Preview was developed through the collaboration of the USCG, NIST's National Cybersecurity Center of Excellence and various industry stakeholders. The USCG is requesting public feedback on the Preview. Any such feedback must be submitted to the USCG via the supplied comment matrix at HQS-SMB-CG-FAC-CYBER@uscg.mil by September 7, 2017.