Ten Steps to Adhering to the Latest Regulatory and Compliance Requirements

Industry Article Series: 10 Steps to Adhering to the Latest Regulatory and Compliance Requirements

The regulatory landscape for maritime cybersecurity continues to evolve to combat the ever-changing cyber threat landscape. In this latest article in our Maritime Transportation Security Act (MTSA) cyber compliance series, Cybersecurity Technical Director Marco Ayala discusses why adhering to the latest regulatory and compliance requirements is crucial for port maritime organizations to protect their critical infrastructure and operations.

Governance to keep cyber threats at bay is crucial and involves an entire organization working to uphold cyber risk management as part of its safety culture. While each organization will have a different risk appetite, there are a number of key steps each one can take to keep pace with the latest regulatory and compliance requirements.

Marco Ayala - Technical Director, Cybersecurity


The Path to Cybersecurity Compliance

Cybersecurity is an ongoing process and port maritime organizations should continuously monitor emerging threats, update security measures and adapt to changing compliance requirements to stay ahead of cyber risks.

Actionable Guidance for MTSA Compliance

1. Identify a Cybersecurity Leader:

Organizations should identify a person or group with authority and knowledge about cyber-enabled maritime systems and cybersecurity protections in the facility to create a cybersecurity plan.

2. Define Cybersecurity Vulnerabilities and Protections:

Based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) or other recognized standards, the cybersecurity plan should address vulnerabilities and protections primarily at programmatic, policy and technical levels.

3. Map Physical Security Vulnerabilities to Cybersecurity Vulnerabilities:

The cybersecurity plan should address cybersecurity vulnerabilities related to physical vulnerabilities identified in the Facility Security Assessment.

4. Collaboration between Facility Security Officer (FSO) and Cybersecurity Leadership:

Effective collaboration between the FSO and cybersecurity leadership is essential to facilitate planning and protection against cyberattacks.

5. Understanding IT and OT Systems:

Understanding and documenting the interconnected systems at a facility, including information technology (IT) and operational technology (OT) systems, is crucial for planning and protecting against cyberattacks.

6. Regular Compliance Audits:

Port maritime organizations should conduct regular internal compliance audits to assess their cybersecurity practices against relevant regulations and guidelines. Audits help identify gaps and ensure alignment with the latest requirements.

7. Internal Policies and Procedures:

Organizations should develop and implement internal policies and procedures that align with regulatory standards. These documents guide employees on cybersecurity practices, incident reporting and response protocols.

8. Training and Awareness Programs:

Educating employees about cybersecurity risks and best practices is vital. Regular training sessions and awareness programs help ensure staff understand their roles in safeguarding sensitive information and following compliance guidelines.

9. Incident Response Planning:

Establishing a robust incident response plan helps organizations effectively respond to cybersecurity incidents. Tailored incident response drills and tabletop exercises test the organization’s readiness to handle potential threats.

10. Third-Party Assessments:

Engaging external cybersecurity firms for independent assessments helps organizations identify vulnerabilities and areas for improvement. These assessments provide an unbiased view of the organization’s security posture.

ABS Consulting – How We Help

At ABS Consulting, our team of maritime cyber industry experts helps customers understand the relationship between operations and system cybersecurity and what is required across an organization to meet the new standards and keep in step with the latest regulatory and compliance requirements.

We do this in several ways including:

Conducting Risk Assessments

For organizations with lower maturity levels, we assist with foundational risk assessments that outline the architecture of the vessel or port facility to identify potential risks. Through assessing and identifying critical assets, we provide operational and technical infrastructure recommendations.

Developing Cybersecurity Plans

ABS Consulting supports the maritime industry through the complete cybersecurity journey, from initial assessments through asset management, configuration management, vulnerability management, and detection and response management planning and implementation.

Training Key Personnel

Compliance with new regulations requires enhanced expertise, including a deep understanding of both cybersecurity and maritime operations. This includes significant training and upskilling in role-based areas such as engineering and operations, whether at port or at sea.

Working with Regulators

Collaboration among asset owners, operators, vendors and regulators such as the U.S. Coast Guard is necessary to implement regulations more effectively.

As a Forbes World’s Best Management Consulting Firm, ABS Consulting is a trusted advisor backed by more than 50 years of safety and risk management expertise in the maritime sector. We’ll help your organization:

  • Manage vendor relationships – our teams facilitate vendor dialogues, enabling asset owners to better manage expectations and processes with vendors to comply with new regulations.
  • Work with regulators – our team helps customers navigate regulatory requirements by collaborating with asset owners, operators, vendors and regulators (such as the USCG) to help implement regulations more effectively.