DECEMBER 2017 • FOGHORN 27 HOW PVA BENEFITS YOU WE LIVE AND BREATHE pAssENgER VEssELs, THAT’s THE KEY TO OUR sUCCEss Anders Rundberg, CEO of Carus We care about your customers Carus offers innovative solutions for the global passenger vessel industry, giving your customers a better experience before, during and after their journey. The Carus solution incorporates ticketing, reservations, check-in, port automation, on-board and relationship management. www.carus.com PVA Tools and Resources PVA has several tools to assist members is developing cyber security risk management best practices for their operation. The Cyber Risk Management Best Practices Guidelines follows estab- lished risk management principles and is based on existing maritime industry best practices and standards. It is also focused on systems and areas most applicable to small passenger vessel operations. Additionally, PVA has developed assessment worksheets to analyze vulnerability; these voluntary guides were created for the PVA Alternate Security Program but could also have broader applicability. Cybersecurity At the PVA Convention You can continue the conversa- tion about applying cybersecurity to your operation at the PVA Annual Convention at MariTrends 2018 January 28 – 31, 2018 in Savannah, GA. This year’s convention program will feature a session on “Cybersecurity Considerations for Passenger Vessel Operators” with experts from Coast Guard and the Transportation Security Administration (TSA). Coast Guard NVIC for Facilities The Coast Guard released draft guidance to assist with analyzing cyber security vulnerabilities for facili- ties that were required to have a Coast Guard-approved Facility Security Plan. This direction is found in Navigation and Vessel Inspection Circular (NVIC) Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities (NVIC 05-17). This draft NVIC was open for public comment and PVAsubmitted feedback. PVA’s comments supported Coast Guard’s guidance for assessments and countermeasures on an as-needed basis and only where appropriate. PVA also supported best practices and non-reg- ulatory solutions to promoting cyber security where appropriate. The Coast Guard will next evaluate all of the comments received and release a final NVIC in the Federal Register. PVAwill be sure to watch for the release of the final NVIC and notify members accordingly. While this NVIC is focused on fa- cilities, this guidance could also be helpful in broadly evaluating cyber risk and creating mitigation processes. In this NVIC, the Coast Guard has incor- porated the cybersecurity framework from the National Institute of Standards and Technology (NIST, part of the U.S. Department of Commerce) and applied it to computer systems and networks that interface with marine transporta- tion activities. PVA is working for you to keep you up-to-date on cybersecurity. n