b'Photo by Philipp Katzenberger on UnsplashFOGHORN FOCUSCYBER SECURITY ALERTIncident Reporting & Cyber Resources LIEUTENANT CATHERINE PARISSTAFF ENGINEER, U.S. COAST GUARD SYSTEMS ENGINEERING DIVISION,OFFICE OF DESIGN AND ENGINEERING STANDARDSA dvances in technology enable maritime industry to operateCyber Incident Reporting serves as an emergency call atunprecedentedcapacityandefficiency.Cyber-relatedThe National Response Center (NRC) technologies are at the core of this progress. Many passengerscenter that fi elds initial reports for incidents and is the primary source vesselstodayuseelectronicticketing,off erelectronicpaymentsfor reporting maritime cyber incidents. Additionally, the Department onboard, and even provide Wi-Fi to their guests. While these featuresofHomelandSecuritysCybersecurityandInfrastructureSecurity are welcomed, they can be sources of increased risk. Emerging cyberAgency (CISA) Central can receive breach of security and suspicious threatsrequireengagementfromthemaritimecommunitytoactivity reports for cyber incidents on behalf eff ectively manage changing risk vectors inof the Coast Guard. Reporting contacts are order to create a safer cyber environment.The U.S. Coastlisted at the end of this article. Responsible This article was written to clarify whenpersons should be aware that this information andhowcyberincidentsshouldbeGuard is committedrepresents current arrangements, but as part reportedunderexistingregulation,asto working with ourof ongoing eff orts to improve cyber resiliency, wellastoprovidecyberresourcestoupdates may be forthcoming. If so, the updated aidinstrengtheningholisticmaritimemaritime partners toarrangements will be shared with the maritime cyber hygiene. improve our cybercommunity.TherecentlyupdatedUSCGCyberrisk management toMANDATORY REPORTING StrategicOutlook,releasedonAug.protect the MTS.There are several regulatory authorities that a 3,2021,highlightstheimportanceofcyber-related incident may fall under requiring promotingcyberriskmanagementREAR ADMIRAL JOHN MAUGER amandatoryreporttobemade.These (CRM)inthemaritimesectorasaincludesecurity-relatedincidents,hazardous necessarymeanstoensuringthesafety,conditions, and threats to navigational safety. security, and resilience of the Marine Transportation System (MTS).The following section details these authorities as they specifi cally relate The U.S. Coast Guard recognizes the growth and potential adverseto mandatory cyber reporting.impacts of maritime cyber incidents and is committed to working with our maritime partners to improve our cyber risk management to protectSecurity33 CFR 101.305 Maritime Transportation the MTS, notes Rear Admiral John Mauger, assistant commandantSecurity Act (MTSA)for prevention policy. Aside from guiding maritime industry on how33 CFR 101.305 requires reporting transportation security incidents, to incorporate CRM into plans for safety and security, it is criticallybreaches of security, and suspicious activity to the NRC. For passenger important that the Coast Guard maintains awareness of the cybervessels specifi cally, this includes those subject to 46 CFR Subchapters threatsfacingmaritimeentities.TheCoastGuardusesreportstoH and K. In addition to the owner and operator requirements listed, promulgate alerts for the maritime industry when a specifi c threat is33 CFR 101.305(a) states that any other person or entity is also determined to exist. FOGHORN FOCUS: TECHNOLOGY 16 FOGHORN'