b'encouraged to report activities that may resultNavigational Safety33 CFR Part 164GuardCyberCommand(CGCYBER),the inatransportationsecurityincidenttotheNavigation Safety Regulations DHSCISACybersecurityDivision,orthe NationalResponseCenter.Additionally,33 CFR Part 164 identifies essential equipmentappropriate Coast Guard Headquarters Office CG-5P Policy Letter No. 08-16: Reportingthat is required to be fully operational during(CG-ENG, CG-FAC, CG-CVC). Suspicious Activity and Breaches of Securityinbound and outbound transits of a U.S. port. providesdetailsrelatedtothecriteriaandSome of this equipment may be vulnerable toVOLUNTARY REPORTING processforreporting.Together,33CFRcyber-related threats. Reports of equipmentOF CYBER INCIDENTS101.305 and Policy Letter 08-16 should be usedNotwithstandingthemandatoryreporting to determine when a cyber incident is requiredrequirementsdescribedabove,vesselsand to be reported. Again, as part of ongoing effortsVessels andcompaniesmayvoluntarilyreportcyber to improve resiliency in the MTS, the USCG isresponsible personsincidents to the Coast Guard NRC or DHS reviewing this policy letter. Any updates madeCISACentral.Whenavailable,theCoast will be shared with the maritime community. are encouraged toGuardwillprovidetechnicalassistance leveragingbothinternalandexternal Hazardous Condition33 CFR Part 160utilize availableresources. For vessels with an SMS approved Ports and Waterways Safety Act (PWSA) cyber resources tounder ISM Code, cyber incidents should also 33CFR160.216requiresnotificationtobe internally reported and non-conformities the nearest Coast Guard captain of the portmake themselvescorrected in accordance with the vessels SMS (COTP)immediatelyupondetectionofaknowledgeable ofprocesses. This typically include reports to the hazardouscondition,whichmayincludeorvessels management company. be a result of a cyber incident. A hazardouscyber best.conditionisdefinedin33CFR160.202asGLOBAL POSITIONING SYSTEM (GPS) any condition that may adversely affect theDISRUPTION REPORTINGsafety of any vessel, bridge, structure, or shorefailureshouldfollowexistingrequirementsTheCoastGuardNavigationCenter area or the environmental quality of any port,identifiedin33CFR164.53,andshould(NAVCEN) is the point of receipt for all civil harbor, or navigable waterway of the Unitednotify the appropriate COTP. If the failureGPS disruption reports that are not associated States. It may, but need not, involve collision,of a piece of equipment under 33 CFR 164with critical infrastructure (CISA) or aviation allision,fire,explosion,grounding,leaking,has a cyber nexus, technical assistance may be(FAA). Mariners should report observations damage, injury or illness of a person aboard, orrequestedthroughtheCOTPtotheCoastofGPSdegradation,disruption,incidents, manning-shortage. The following provides additional guidance to aid owners and operators in identifying vessel cyber incidents as hazardous conditions and help shape reporting best practices:The Coast Guard recognizes the difficulty inUSCG-Certied Light-Weight notifying without delay where the impactAluminum Honeycomb Panels from malware may gradually increase until it reaches a level that may result in a hazardousfor Passenger Ferriescondition. Whether an incident is the result of targeted malware or routine threats may or may not be relevant, since, for example, malwaredecorative | durable | functionalcan lie dormant for weeks until it is identified.rigidized.com/markets/marineAs such, the Coast Guard encourages malware-related incidents (including, but not limited to: ransomware, spyware, botnets, worms, viruses, etc.) to be reported as soon as practicable here. Because a cyber incident on board a vessel may affectthesafetyofthevessel,aswellasthe MTS, the above guidance should be utilized in determining if the condition is hazardous. Generallyspeaking,acyberincidenton board a vessel that poses a threat to, or has threatened,thesafeoperationofthevessel shouldbeconsideredahazardouscondition and therefore be reported.658 Ohio Street | Buffalo, NY 14203 | marine@rigidized.comSEPTEMBER 2021 17 FOGHORN FOCUS: TECHNOLOGY'