b'provides guidelines for regulated facilities subjectFrom the work instruction, here are the questions to the MTSA to do a cyber focused vulnerability assessment and develop countermeasures for itsmarine inspectors may be asking at your next FacilitySecurityPlan(FSP).WhiletheCoastvessel security inspection:Guard has confi rmed it will not begin enforcement of this until October 2022, they will be looking to see if companies have started the cyber assessment process in October of 2021 (that is next month). Does your Vessel Security Plan (VSP) address measures taken to address cybersecurity vulnerabilities?InadditiontothePVAtoolswevealready mentioned,theCoastGuardhasissueda frequently asked questions document and madeIf YES:If NO: public the Job Aid for Facility Inspectors. The JobAre these measuresHave you communicated Aid will provide you with the questions inspectorsin place? that issue to your company will be asking your crew and facility personnel.security ocer (CSO)?The bottom line is that cyber security needs to be assessed and mitigation measures put in place.VESSEL SECURITYHas the vessel experienced any cybersecurity In February 2021, the U.S. Coast Guards Office ofevents within the past 12 months?Commercial Vessel Compliance updated guidance to vessel operators on cybersecurity entitled Vessel CyberRiskManagementWorkInstructionIf YES:If NO: (CVC-WI-027(2)).ThisguidancedocumentHave you reported theseNo further action/applies to vessels that are required to have a Vesselcybersecurity incidents toquestion required.Security Plan (VSP), under MTSA. Vessels subjectyour CSO? to MTSA requirements include passenger vessels over100GRTinspectedunderTitle46Code ofFederalRegulations(CFR)SubchapterH and small passengers vessels carrying more than 150passengersandinspectedunder46CFR Subchapter K. Additionally, this work instructionINNOVATIVE. applies to any vessel using a Safety Management System (SMS), including those companies using PVAsFlagshipSMSprogram.AnticipatetheUNIQUE.ALL AMERICAN MARINECoastGuardaskingquestionsabouthowyou aremanagingcybersecurityriskatyournext security inspection PROVEN.It is important to remember that these questions will only be asked regarding areas of operational technology of a vessel, not of business technology suchaspaymentprocessingoraccounting systems.Itisalsoimportanttonotethatthe marine inspector may issue a defi ciency if cyber security measures are not in place based on the questions above.HOW TO PREPARECompanysecurityofficersshouldusethe assessment tools PVA has provided to determine areas of cyber risk within their company. Once those areas are determined, mitigation strategies should be put in place and company personnel shouldbetrainedonpropercyberhygiene practices. PVA staffare always available to answer questions and will work with PVA committees to further refi ne the tools members need to operateALLAMERICANMARINE.comsafely and securely.Bellingham, WA | 360.647.7602Pictured: Spirit of Matushka - A 150 Passenger, hydrofoil-assisted catamaran, custom built for Major Marine ToursSEPTEMBER 2021 33 SAFETY MATTERS'