Release of Maritime Bulk Liquids Transfer Cybersecurity Framework Profile

November 10, 2016

The U.S. Coast Guard, the National Institute of Standards and Technology (NIST), and maritime industry stakeholders have developed a voluntary cybersecurity “Profile” for Maritime Bulk Liquid Transfer (MBLT) facilities. This Profile will be released Thursday at the American Petroleum Institute’s 11th Annual Cybersecurity Conference in Houston.

The Profile implements the NIST Cybersecurity Framework, which was developed in 2014 to address and manage cybersecurity risk in a cost-effective way based on business needs and without placing additional regulatory requirements on businesses. The Profile is how organizations align the Framework’s cybersecurity activities, outcomes, and informative references to organizational business requirements, risk tolerances, and resources. Through this industry-focused Profile, MBLT facilities are provided a pathway for integrating the Framework into organizational operations.

The Profile is the first of its kind for the maritime transportation sector, and it is the result of the coordination between the Coast Guard Office of Port and Facility Compliance, the NIST’s National Cybersecurity Center of Excellence (NCCoE), and industry stakeholders.

“Working with the Coast Guard to engage the oil and natural gas industry in creating this profile is a prime example of the collaboration that takes place at the NCCoE,” said Don Tobin, senior security engineer at the NCCoE. “Organizations working in this critical mission area can leverage the profile to determine and reach their desired state of cybersecurity.”

The Profile identifies and prioritizes the minimum subset of Framework Subcategories relevant to MBLT facility operations, providing the flexibility to address Subcategories in a systematic way that is relevant to their unique operations. The Profile pulls into one document the recommended cybersecurity safeguards and provides a starting point to review and adapt risk management processes. It outlines a desired minimum state of cybersecurity and provides the opportunity to plan for future business decisions.

Read full story…