b'SAFETY MATTERS:PVA Cyber Risk SAFETYAssessment Tools ERIC CHRISTENSEN PVA DIRECTOR OF REGULATORY AFFAIRS & RISK MANAGEMENTC ybersecuritycontinuestobeanTheU.S.CoastGuard,asyouwillreadeff orts by developing cyber guidelines and a cyber emergingtopicwithinthemaritimeelsewhereinthisissueofFOGHORN,hasassessmentformaspartoftheCoastGuard-industry.TherearenumeroussteppedupnotonlytherequirementsforapprovedAlternateSecurityProgram(ASP). workshopsandseminarsavailablethatWhile optional documents in the 2017 approved provideinsightintothelatestthreatsandPVAASP,theCyberRiskManagementBest countermeasures. As we have seen in the lastPVA has beenPracticesGuidelinesandaCyberAssessment year,domesticpassengervesseloperationsWorksheet can be used to meet the Coast Guard arenotimmunetoaransomwareorotherdeveloping cyberrequirementsdiscussedbelow.Thecyber cyber attack. Remote work has opened otherguidelines and aassessment tools can be found under security tools avenues of attack by hackers or other threatin the member download area of the PVA website. actors. While most of the cyber attacks havecyber assessmentSinceeveryvesseloperationisdiff erent,the focused on ransomware and gaining access toform as part ofevaluationofvulnerabilitiessubjecttocyber customer fi nancial information, there are alsothreats and the development of countermeasures risks to navigational and security equipment. the Coast Guard- willbebasedonhowacompanyusesand appliestechnology.Operatorsshouldinventory PVAsworkingdefi nitionofacybersecurityapproved Alternateallthecyber-dependentsystems,including breachistheunauthorizedaccesstodata,Security Program. bothhardwareandsoftware,whichsupport applications,services,networksand/orcriticalsafetyandsecuritysystems.Financial devices,bypassingtheirunderlyingsecuritysystems are not required to be assessed for Coast mechanisms. A cybersecurity breach may rise toGuard requirements.the level of a reportable transportation securitycyber assessments of facilities and vessels, but incident,whichoccurswhenanindividual,also outreach to support the maritime industryTheprocessofevaluatingcyberriskissimilar entity,orapplicationillegitimatelyentersaas part of their overall cyber strategy. toreviewingthepotentialimpactofanyother private or confi dential information technologysecurityvulnerabilityatyouroperation.PVAs perimeter of a Marine Transportation SecurityPVA TOOLS industrybestpracticessuggestfollowing Act (MTSA)-regulated facility or vesselPVA has been responsive to the Coast Guardsthese steps:Assessment Inventory systems, reviewtheir interdependence. Identifi cation Evaluate risk levels, RELAX. THIS JOURNEYS detect vulnerabilities.POWERED BY CATERPILLAR.MitigationDevelop countermeasures and implement in company security policies.When your cargo can talk, the stakes are high. WhenThe PVA ASP is up for re-approval in the summer you choose Caterpillar, you dont have to worry aboutof2022.Weanticipateupdatingthecyber meeting your passengers high expectations forassessmentguidancetomeetallCoastGuard reliable, safe, clean operation. Our engines set themandates.standard, so everyone can sit back and enjoy the ride.FACILITY SECURITYLearn more about our Ferry and Cruise solutions In2020,theCoastGuardreleasedguidance oncybersecurityatfacilitiesintheformofa Navigation and Vessel Inspection Circular (NVIC) titled Guidelines For Addressing Cyber Risks at MaritimeTransportationSecurityAct(MTSA) RegulatedFacilities(NVIC01-20).TheNVIC For more information, visit www.cat.com/marine 2020 Caterpillar. All Rights Reserved. CAT, CATERPILLAR, LETS DO THE WORK, their respective logos, Caterpillar Yellow, the Power Edge and Cat Modern Hex trade dress as well as corporate and product identity used herein, are trademarks of Caterpillar and may not be used without permission.SAFETY MATTERS 32 FOGHORN'