Friday, December 26, 2014

More Detailed Analysis of NPRM on Seafarer Access

Below is a more detailed analysis of the Notice of Proposed Rulemaking that will be published in Monday Dec. 29 2014’s Federal Register, at www.gpo.gov/fdsys/pkg/FR-2014-12-29/pdf/2014-30013.pdf. For the record, my comments are based on 10 years’ work with MTSA facilities.  Some of that experience was obtained while employed in the job capacity of Facility Security Officer. My opinions are also informed by experience working for and with federal, state, and local public safety and security agencies beginning in 1976 and continuing until 2003. The comments are my own and do not reflect the opinions of the University of Findlay. 

The proposed rule will “require each owner or operator of a MTSA-regulated facility to implement a system for providing seafarers and other individuals with access between vessels moored at the facility and the facility gate. Each owner or operator would be required to implement a system, within 1 year after publication of the final rule, that incorporates specific methods of providing access in a timely manner, at no cost to the individual, and in accordance with existing access control provisions in 33 CFR part 105. We also propose to require each owner or operator to ensure that the FSP includes a section describing the system for seafarers’ access.

This rule would not affect the authority of the U.S. Customs and Border Protection (CBP) to inspect and process individuals seeking entry to the U.S. For those seafarers and other individuals subject to CBP’s authority, this rule would apply to facility owners and operators only after such seafarers and other individuals have been inspected, processed, and admitted to the U.S. by CBP.”

What does the NPRM contain?
Section 811 of the Coast Guard Authorization Act of 2010 (Pub. L. 111–281) (CGAA 2010), requires facility owners and operators to ensure shore access for seafarers and other individuals. Specifically, section 811 requires each MTSA-regulated facility to ‘‘provide a system for seamen assigned to a vessel at that facility, pilots, and representatives of seamen’s welfare and labor organizations to board and depart the vessel through the facility in a timely manner at no cost to the individual.’’ This new rule implements that section. The shore leave initiative is largely the work of the Seamen’s Church Institute. SCI has been conducting annual surveys of seafarers’ shore leave detentions and restrictions on seafarers’ and chaplains’ access through terminals in United States ports since 2002. For more information, see http://seamenschurch.org/primary-category/shore-leave.

This regulation requires owner/operators to provide timely access without unreasonable delay through the facility at no cost to the individual to seafarers and other individuals. Certain factors are specified to be used in determining whether the access is timely. Certain methods are to be used in granting access. A new FSP section on seafarer access is created, and the contents of the section are detailed.

Specifically, the proposed new rule:

Inserts a new federalism section into 33 CFR 101, 101.112, stating that 33 CFR 105 preempts State or local regulations if there is a conflict between 33 CFR 105 and State and local regulations.

Amends 105.200. Clarifies acronyms, clarifies wording.  Major changes:

CHANGES (b)(1) (1) Define the security organizational structure and provide each person exercising security duties and responsibilities within that structure the support needed to fulfill those obligations;

TO (b)(1)(1) Define the organizational structure of the security personnel and provide each person exercising security duties and responsibilities the support needed to fulfill those obligations;

CHANGES 105.200, (b)(9) ,  “Ensure coordination of shore leave for vessel personnel or crew change-out, as well as access through the facility for visitors to the vessel (including representatives of seafarers' welfare and labor organizations), with vessel operators in advance of a vessel's arrival. In coordinating such leave, facility owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations;”

TO “Ensure implementation of a system, in accordance with § 105.237 of this subpart, coordinating shore leave for vessel personnel or crew change-out, as well as access through the facility for visitors to the vessel, as described in § 105.237(b)(4) of this subpart, with vessel operators in advance of a vessel's arrival. In coordinating such leave, facility owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations;”

Inserts new section 105.237, System for seafarers access. This section has 6 subsections. (a) sets out the requirement that the facility must provide seafarers timely access at no cost to the individual, complying with the requirements of the TWIC program.  Access must be by a method specified in this section. (b) gives a list of the types of individuals who needs to be given this access. It is an expansion of the list given in the current version of 105.200 (b)(9), and includes a “catch-all” “other authorized individuals classification. (c) gives a list of factors that the owner/operator must consider when deciding the issue of “timeliness”. Owner/operators must provide the access in a timely manner without unreasonable delay, subject to review by the Coast Guard. The Coast Guard will review each FSP to ensure that the facility owner/operator has “appropriately considered” the factors listed in (c). (d) is a list of the 6 methods that may be used to perform the access. Methods allowed include types of escorting, use of third parties, monitoring, or some other arrangement with the permission of the Coast Guard. The method(s) included in the FSP will be subject to Coast Guard review and approval. The Coast Guard states that “We assume that most facilities would choose monitoring (Method 5) since the majority of them are small enough that existing security guards and/or monitoring equipment in place would be sufficient. However, if facilities choose this method, we anticipate 1 hour of training annually to review security protocol in the event that a seafarer leaves the designated passageway.” If a third party is used, a back-up method must be specified in case the third party is unable to or does not provide the required access. (e) sets out the requirement for “at no cost to the individual.” (f) describes the content of the new FSP section This is the new Section 9, System for seafarer access, which is the documentation of the facility’s system for providing the access as described in 105.237.

Complete text of this new section 105.237:
(a) Access Required. Each facility owner or operator must implement a system by (365 DAYS AFTER DATE OF PUBLICATION OF FINAL RULE) for providing access through the facility that enables individuals to transit to and from a vessel moored at the facility and the facility gate in accordance with the requirements in this section. The system must provide timely access as described in paragraph (c) of this section and incorporate the access methods described in paragraph (d) of this section at no cost to the individuals covered. The system must comply with the Transportation Worker Identification Credential provisions of this part.
(b) Individuals Covered. The individuals to whom the facility owner or operator must provide the access described in this section include—
(1) The seafarers assigned to a vessel moored at the facility;
(2) The pilots and other authorized personnel performing work for a vessel moored at the facility;
(3) Representatives of seafarers’ welfare and labor organizations; and
(4) Other authorized individuals in accordance with the Declaration of Security (DoS) or other arrangement between the vessel and facility.
(c) Timely Access. The facility owner or operator must provide the access described in this section without unreasonable delay, subject to review by the Captain of the Port (COTP). The facility owner or operator must consider the following when establishing timely access without unreasonable delay:
(1) Length of time the vessel is in port.
(2) Distance of egress/ingress between the vessel and facility gate.
(3) The vessel watch schedules.
(4) The facility’s safety and security procedures as required by law.
(5) Any other factors specific to the vessel or facility that could affect access to and from the vessel.
(d) Access Methods. The facility owner or operator must ensure that the access described in this section is provided through one or more of the following methods:
(1) Regularly scheduled escort between the vessel and the facility gate that conforms to the vessel’s watch schedule as agreed upon between the vessel and facility.
(2) An on-call escort between the vessel and the facility gate.
(3) Arrangements with taxi services, ensuring that any costs for providing the access described in this section, above the taxi’s standard fees charged to any customer, are not charged to the individual to whom such access is provided. If a facility provides arrangements with taxi services as the only method for providing the access described in this section, the facility is responsible to pay the taxi fees for
transit within the facility.
(4) Arrangements with seafarers’ welfare organizations to facilitate the access described in this section.
(5) Monitored pedestrian access routes between the vessel and facility gate.
(6) A method, other than those in paragraphs (d)(1) through (d)(5) of this section, approved by the COTP.
(7) If an access method relies on a third party, a back-up access method that will be used if the third-party is unable to or does not provide the required access in any instance. An owner or operator must ensure that the access required in paragraph (a) of this section is actually provided in all instances.
(e) No cost to individuals. The facility owner or operator must provide the access described in this section at no cost to the individual to whom such access is provided.
(f) Described in the Facility Security Plan (FSP). On or before [INSERT DATE 10 MONTHS AFTER PUBLICATION OF THE FINAL RULE], the facility owner or operator must document the facility’s system for providing the access described in this section in the approved FSP in accordance with 33
CFR 105.410 or 33 CFR 105.415. The description of the facility’s system must include.
(1) Location of transit area(s) used for providing the access described in this section;
(2) Duties and number of facility personnel assigned to each duty associated with providing the access described in this section;
(3) Methods of escorting and/or monitoring individuals transiting through the facility;
(4) Agreements or arrangements between the facility and private parties, nonprofit organizations, or other parties, to facilitate the access described in this section; and
(5) Maximum length of time an individual would wait for the access described in this section, based on the provided access method(s).

CHANGES 105.405   Format and content of the Facility Security Plan (FSP).
(a) A facility owner or operator must ensure that the FSP consists of the individual sections listed in this paragraph (a). If the FSP does not follow the order as it appears in the list, the facility owner or operator must ensure that the FSP contains an index identifying the location of each of the following sections:
(1) Security administration and organization of the facility;
(2) Personnel training;
(3) Drills and exercises;
(4) Records and documentation;
(5) Response to change in MARSEC Level;
(6) Procedures for interfacing with vessels;
(7) Declaration of Security (DoS);
(8) Communications;
(9) Security systems and equipment maintenance;
(10) Security measures for access control, including designated public access areas;
(11) Security measures for restricted areas;
(12) Security measures for handling cargo;
(13) Security measures for delivery of vessel stores and bunkers;
(14) Security measures for monitoring;
(15) Security incident procedures;
(16) Audits and security plan amendments;
(17) Facility Security Assessment (FSA) report; and
(18) Facility Vulnerability and Security Measures Summary (Form CG-6025) in appendix A to part 105-Facility Vulnerability and Security Measures Summary (CG-6025).

TO: 105.405   Format and content of the Facility Security Plan (FSP).
(a) A facility owner or operator must ensure that the FSP consists of the individual sections listed in this paragraph. If the FSP does not follow the order as it appears in the list, the facility owner or operator must ensure that the FSP contains an index identifying the location of each of the following sections:
1) Security administration and organization of the facility;
(2) Personnel training;
(3) Drills and exercises;
(4) Records and documentation;
(5) Response to change in MARSEC Level;
(6) Procedures for interfacing with vessels;
(7) Declaration of Security (DoS);
(8) Communications;
(9) System for seafarers access;
(10) Security systems and equipment maintenance;
(11) Security measures for access control, including designated public access areas;
(12) Security measures for restricted areas;
(13) Security measures for handling cargo;
(14) Security measures for delivery of vessel stores and bunkers;
(15) Security measures for monitoring;
(16) Security incident procedures;
(17) Audits and security plan amendments;
(18) The Facility Security Assessment (FSA) report; and
(19) The Facility Vulnerability and Security Measures Summary (Form CG-6025) in appendix A to part 105-Facility Vulnerability and Security Measures Summary (CG-6025).

Who will be affected by the NPRM?
The individuals granted access and the 2,498 facilities subject to MTSA.

Why does the USCG consider that a regulation is necessary?
Section 811 of the Coast Guard Authorization Act of 2010 (Pub. L. 111–281) (CGAA 2010) “requires facility owners and operators to ensure shore access for seafarers and other individuals. Specifically, section 11 requires each MTSA-regulated facility to ‘‘provide a system for seamen assigned to a vessel at that facility, pilots, and representatives of seamen’s welfare and labor organizations to board and depart the vessel through the facility in a timely manner at no cost to the individual.’’ The Coast Guard has decided that the provisions of this NPRM satisfy the requirements of the CGAA 2010 through a regulatory flexibility that offers the least costly of any alternative.

What are the costs of this proposed regulation?
There is a detailed cost break-down in the introductory material in the Federal Register notice. Some factors that I noticed when looking at the Coast Guard’s estimates of who will be affected by regulation, which will affect cost.  The Coast Guard states that in January 2010, 62% of all FSPs had been reviewed and only 4% lacked adequate seafarers access provisions, while stating elsewhere that 33 CFR does not require seafarer access measures that are “adequate” for the purposes of the CGAA 2010.  There is a huge difference between placing a sentence in an FSP to the effect, “The facility has procedures in place to ensure timely access of seafarers at no cost to the individual” and actually having a program in effect that meets the standards of the CGAA2010 and can be described out to that standard. I have looked at many FSPs and I don’t see what the Coast Guard is apparently seeing. It is not in the current plans because aside from the brief mention in the list of owner/operator responsibilities, shore leave or seafarers access is not covered in 33 CFR 105. I think the figure of facilities whose plans and programs will be affected is much higher than 10% and the corresponding cost of this regulation will be much higher.

What are the benefits of this proposed regulation?
The regulation will grant access to around 907 seafarers annually.  It will put into action a section of law passed in 2010. It will align us more closely with the Intent of the International Ship and Port Facility Security Code.

What timelines are involved?
The Coast Guard intends to hold a public meeting on this regulation in Washington, DC January 23, 2015 from 9:00 a.m. to 12:00 p.m. The deadline to reserve a seat is January 16, 2015. Comments need to be submitted by February 27, 2015.  FSPs would need to be updated within 10 months after publication of the final rule.

What will the average MTSA facility need to do to comply with this new regulation, if the final rule closely resembles this NPRM?
1. Codify the existing shore leave procedures if they have not been captured in policy or post orders. The vessel agents who service your dock are always a good source of information and advice. For example, if your policy states that the vessel needs to contact the security detail via cell phone to arrange for the on-call escort, the vessel agent will know or be able to find out the availability of cell phones on the vessels.
2.  Decide which of the 6 methods of providing access is right for your operation. If a third-party escort service will be utilized, be sure to provide a back-up method. If you have a method that is not mentioned in the new rule that you wish the Coast Guard to consider, you should get the Coast Guard approval for this method in advance of FSP submission. Contact your petty officer to see how he/she wants you to handle this issue.
3.  Absent any further policy on the subject, use the format in 105.237 (f) for the FSP Section. You can add anything you like to this section but these 5 elements (or however many survive in the final rule) must be included in the section.
3. Don’t wait til the very end of the 10-month period to submit your amended FSP! Depending on your location, the inspection corps may have a heavy lift at this time.

What does the Notice say about submitting comments?
The Notice gives the procedure for submitting comments.  The docket number is USCG–2013–1087. In the Notice, on pp.77987-77988, the Coast Guard has a list of topics on which they specifically request comments. From past presentations on the comment process, the Coast Guard has advised:
1. Don’t include comments about unrelated topics
2. Form letters aren’t particularly effective

3.  Suggest solutions to identified problems or criticisms

NPRM and Public Meeting on Seafarer Access in Monday Dec. 29 Federal Register

In Monday Dec. 29 2014’s  Federal Register, the Coast Guard issues a notice of proposed rulemaking, and a notice of public meeting, on seafarer access, at www.gpo.gov/fdsys/pkg/FR-2014-12-29/pdf/2014-30013.pdf.

The proposed rule will “require each owner or operator of a MTSA-regulated facility to implement a system for providing seafarers and other individuals with access between vessels moored at thefacility and the facility gate. Each owner or operator would be required to implement a system, within 1 year after publication of the final rule, that incorporates specific methods of providing access in a timely manner, at no cost to the individual, and in accordance with existing access control provisions in 33 CFR part 105. We also propose to require each owner or operator to ensure that the FSP includes a section describing the system for seafarers’ access.


This rule would not affect the authority of the U.S. Customs and Border Protection (CBP) to inspect and process individuals seeking entry to the U.S. For those seafarers and other individuals subject to CBP’s authority, this rule would apply to facility owners and operators only after such seafarers and other individuals have been inspected, processed, and admitted to the U.S. by CBP.”

The Coast Guard will hold a public meeting in Washington, DC to solicit comments on the proposals in this notice on January 23, 2015 from 9:00 a.m. to 12:00 p.m. The deadline to reserve a seat is January 16, 2015.

Thursday, December 18, 2014

Coast Guard Publishes Request for Comments on How to Identify Vulnerabilities to Cyber-Dependent Systems

In today's Federal Register, the Coast Guard published a notice, requesting public input from the maritime industry and other interested parties on how to identify and mitigate potential vulnerabilities to cyber-dependent systems. Information on how to comment is included in the notice.  The text of the notice can be found at http://www.gpo.gov/fdsys/pkg/FR-2014-12-18/pdf/2014-29658.pdf. The text of the notice is reprinted below.Two things should be abundantly clear to all maritime security stakeholders. #1, the Coast Guard is very serious about listening to our voice on this issue. #2, the Coast Guard takes the issue of cyber security vulnerability very seriously and has moved it up the queue of security worries. If we don't participate in this process (help drive the train) we may find ourselves being the subject of a regulatory process that could have been managed another way (grit beneath the wheels).
________________________________________________________

Coast Guard

[Docket No. USCG–2014–1020]

Guidance on Maritime Cybersecurity Standards

AGENCY: Coast Guard, DHS.

ACTION: Notice with request for comments.

SUMMARY: The Coast Guard is developing policy to help vessel and facility operators identify and address cyber-related vulnerabilities that could contribute to a Transportation Security Incident. Coast Guard regulations require certain vessel and facility operators to conduct security assessments, and to develop security plans that address vulnerabilities identified by the security assessment. The Coast Guard is seeking public input from the maritime industry and other interested parties on how to identify and mitigate potential vulnerabilities to cyber-dependent systems. The Coast Guard will consider these public comments in developing relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure.
DATES: Comments must be submitted to the online docket via http://www.regulations.gov, or reach the Docket Management Facility, on or before February 17, 2015.
ADDRESSES: Submit comments using one of the listed methods, and see SUPPLEMENTARY  INFORMATION for more information on public comments.
• Online—http://www.regulations.gov following Web site instructions.
• Fax—202–493–2251.
• Mail or hand deliver—Docket Management Facility (M–30), U.S. Department of Transportation, West Building Ground Floor, Room W12–140, 1200 New Jersey Avenue SE., Washington, DC 20590–0001. Hours for hand delivery are 9 a.m. to 5 p.m., Monday through Friday, except Federal holidays (telephone 202–366–9329).
FOR FURTHER INFORMATION CONTACT: For information about this document call or email LT Josephine Long, Coast Guard; telephone 202–372–1109, email Josephine.A.Long@uscg.mil or LCDR Joshua Rose, Coast Guard; 202–372–1106, email Joshua.D.Rose@uscg.mil.
For information about viewing or submitting material to the docket, call Cheryl Collins, Program Manager, Docket Operations, telephone 202–366–9826, toll free 1–800–647–5527.
SUPPLEMENTARY INFORMATION:
Public Participation and Comments
We encourage you to submit comments (or related material) on the questions listed below. We will consider all submissions and may adjust our final policy actions based on your comments.
Comments should be marked with docket number USCG–2014–1020, and should provide a reason for each suggestion or recommendation. You should provide personal contact information so that we can contact you if we have questions regarding your comments; but please note that all comments will be posted to the online docket without change and that any personal information you include can be searchable online (see the Federal Register Privacy Act notice regarding our public dockets, 73 FR 3316, Jan. 17, 2008).
Mailed or hand-delivered comments should be in an unbound 81⁄2 x 11 inch format suitable for reproduction. The Docket Management Facility will acknowledge receipt of mailed comments if you enclose a stamped, self-addressed postcard or envelope with your submission.
Documents mentioned in this notice, and all public comments, are in our online docket at http://
www.regulations.gov and can be viewed by following the Web site’s instructions.
You can also view the docket at the Docket Management Facility (see the mailing address under ADDRESSES) between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays.
Discussion
The Coast Guard is developing policy to help vessel and facility operators identify and address cyber-related vulnerabilities that could contribute to a Transportation Security Incident (TSI).1 Coast Guard regulations require certain vessel and facility operators to conduct security assessments, and to develop security plans that address vulnerabilities identified by the security assessment.2 Vessel and facility security plans must also address specific security functions, including the following:
• Communications
• Security Training Requirements
• Procedures for vessel/facility interfacing
• Declaration of Security
• Security Systems and Equipment Maintenance
• Security Measures for Access Control
• Security Measures for Handling Cargo
• Security Measures for Monitoring
• Security Incident Procedures
The Coast Guard is seeking public input on the following questions:
(1) What cyber-dependent systems, commonly used in the maritime industry, could lead or contribute to a TSI if they failed, or were exploited by an adversary?
(2) What procedures or standards do vessel and facility operators now employ to identify potential cybersecurity vulnerabilities to their operations?
(3) Are there existing cybersecurity assurance programs in use by industry that the Coast Guard could recognize? If so, to what extent do these programs address vessel or facility systems that could lead to a TSI?
(4) To what extent do current security training programs for vessel and facility personnel address cybersecurity risks and best practices?
(5) What factors should determine when manual backups or other nontechnical approaches are sufficient toaddress cybersecurity vulnerabilities?
(6) How can the Coast Guard leverage Alternative Security Programs 3 to help vessel and facility operators address cybersecurity risks?
(7) How can vessel and facility operators reliably demonstrate to the Coast Guard that critical cyber-systems meet appropriate technical or procedural standards?
(8) Do classification societies, protection and indemnity clubs, or insurers recognize cybersecurity best practices that could help the maritime industry and the Coast Guard address cybersecurity risks? (See also http://www.dhs.gov/publication/cybersecurityinsurance.)
Authority
This notice is issued under the authority of 5 U.S.C. 552(a).
Dated: December 12, 2014.
Captain Andrew Tucci,
Chief, Office of Port & Facility Compliance, U.S. Coast Guard.
[FR Doc. 2014–29658 Filed 12–17–14; 8:45 am]
1 A Transportation Security Incident is defined in 33 CFR 101.105 to mean ‘‘a security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area.’’
2 33 CFR parts 104 and 105, subparts C and D.
3 An Alternative Security Program is defined in 33 CFR 101.105 to mean ‘‘a third-party or industry organization developed standard that the Commandant [of the Coast Guard] has determined provides an equivalent level of security to that established by [33 CFR Chapter I, Subchapter H].’’


Monday, December 15, 2014

Jan. 15 2015 USCG Public Meeting In Washington DC to Receive Comments on the Development of Cybersecurity Assessment Methods for Vessels and Facilities Regulated by the Coast Guard

On Friday, December 12, 2014, the United Stated Coast Guard posted a notice of a January 15 2015 public meeting in Washington DC to receive comments on the development of cybersecurity assessment methods for vessels and facilities regulated by the Coast Guard. The docket number for submitting comments prior to this meeting is USCG-2014-1020.  Comments may be submitted both before and after the meeting.  There are several deadlines for persons interested in participating.  For attendance in person, the Coast Guard advises that seating is limited and should be reserved by the method specified in the notice NLT January 05, 2014. There will be a live video feed of the meeting.  To access the video feed, the request must be made by the means specified in the notice NLT January 13, 2015. Persons who wish to attend the meeting in person are advised of transportation and identification requirements.

My memory may be failing me but it seems to me like the last time I tried to access this building (Department of Transportation Headquarters building) two government-issued photo IDs were required, not one, as the notice specifies.  Below is the text of the notice from regulations.gov.  The supplemental documents referenced in the notice have not been posted as of noon 12/15/14.

Action

Notice of public meeting and request for comments.

Summary

The U.S. Coast Guard announces a public meeting to be held in Washington, DC, to receive comments on the development of cybersecurity assessment methods for vessels and facilities regulated by the Coast Guard. This meeting will provide an opportunity for the public to comment on development of security assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities that could cause or contribute to a Transportation Security Incident. The Coast Guard will consider these public comments in developing relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure.

Dates

The meeting will be held on Thursday, January 15, 2015 from 9:00 a.m. to 12:00 p.m. The deadline to reserve a seat is Monday, January 5, 2015. All written comments and related material must either be submitted to the online docket via http://www.regulations.gov on or before January 29, 2015 or reach the Docket Management Facility by that date.

Addresses

The public meeting will be held at the Department of Transportation Headquarters, Oklahoma Room, 1200 New Jersey Avenue SE., Washington, DC 20590; the building telephone number is 202-366-1035. The building is accessible by taxi, public transit, and privately-owned conveyance. However, public parking in the vicinity of the building is extremely limited. Meeting participants are encouraged to use mass transit.
Seating is limited, so please reserve a seat as soon as possible, but no later than January 5, 2015. To reserve a seat, please email Josephine.A.Long@uscg.mil with the participant's first and last name for all U.S. Citizens, and additionally, official title, date of birth, country of citizenship, and passport number with expiration date for non-U.S. Citizens. To gain entrance to the Department of Transportation Headquarters building, all meeting participants must present government-issued photo identification (e.g., state-issued driver's license). If a visitor does not have a photo ID, that person will not be permitted to enter the facility. All visitors and any items brought into the facility will be required to go through security screening each time they enter the building.

The Coast Guard will provide a live video feed of the meeting. To access the video feed, email a request to LT Josephine Long at Josephine.A.Long@uscg.mil no later than January 13, 2015.

The docket for this notice is available for inspection or copying at the Docket Management Facility (M-30, U.S. Department of Transportation, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. You may also find this docket on the Internet by going to http://www.regulations.gov, entering USCG-2014-1020 in the search box and following the instructions.

Written comments may also be submitted in response to this notice. All written comments and related material submitted before or after the meeting must either be submitted to the online docket via http://www.regulations.gov on or before January 29, 2015 or reach the Docket Management Facility by that date. You may submit written comments identified by docket number USCG-2014-1020 before or after the meeting using any one of the following methods:
(1) Federal eRulemaking Portal: http://www.regulations.gov.
(2) Fax: 202-372-1990.
(3) Mail: Docket Management Facility (M-30), U.S. Department of Transportation, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue SE., Washington, DC 20590-0001.
(4) Hand delivery: Same as mail address above, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-366-9329.
To avoid duplication, please use only one of these four methods.

The Coast Guard will post a video recording and written summary of the meeting to the docket.

For Further Information Contact

If there are questions concerning this meeting, please call or email LT Josephine Long, Coast Guard at 202-372-1109 or via email at Josephine.A.Long@uscg.mil or LCDR Joshua Rose, Coast Guard; at 202-372-1106 or via email at Joshua.D.Rose@uscg.mil. If there are questions on viewing or submitting material to the docket, call Ms. Cheryl Collins, Program Manager, Docket Operations, telephone 202-366-9826.

Supplementary Information

Background and Purpose

On February 12, 2013, the President signed Executive Order (E.O.) 13636 “Improving Critical Infrastructure Cybersecurity.” The E.O. provided the national approach to protecting critical infrastructure cybersecurity and directed federal agencies to assess cyber risk to critical infrastructure. Pursuant to E.O. 13636, the National Institute of Standards and Technology (NIST) developed a voluntary Preliminary Cybersecurity Framework, (1) followed by the February 12, 2014 publication of a Framework for Improving Critical Infrastructure Cybersecurity (2) (Cybersecurity Framework). The Cybersecurity Framework serves to help industry stakeholders reduce their cyber risk and vulnerabilities. The Coast Guard encourages vessel and facility owners and operators to adopt the Cybersecurity Framework voluntarily to achieve a minimum standard of cybersecurity protection.
Section 7(d) of E.O. 13636 states that in developing the Cybersecurity Framework, the Director of NIST “shall engage in an open public review and comment process” and consult with stakeholders including owners and operators of critical infrastructure. Similarly, the Coast Guard will host this public meeting to engage the public and obtain comments to assist in the drafting of procedures to enable operators of vessels and facilities regulated pursuant to the Maritime Transportation Security Act of 2002 (MTSA) to identify and address cybersecurity risks that could result in a Transportation Security Incident (TSI). (3) This may include standards, guidelines, and best practices to protect maritime critical infrastructure. 

The meeting will include the following topics:

(1) Identify: What cyber dependent systems perform vital functions that are addressed in MTSA requirements, such as access control, cargo control, and communications?
(2) Protect: What standards are suitable to ensure the integrity of these systems?
(3) Detect: What procedures are available to owners and operators to detect cyber intrusions that could compromise the integrity of vital systems or contribute to a TSI?
(4) Respond: What response and notification procedures can minimize the consequences of cyber events?
(5) Recover: What procedures can owners and operators take to promote rapid maritime transportation system recovery after a cyber incident?

In addition to the topics outlined above, the Coast Guard is posting several supplemental documents to the online docket for this notice. The supplemental documents provide additional background information that may be useful for the public to consider in formulating comments. We encourage individuals interested in participating in the public meeting and/or submitting comments to the docket to review the supplemental documents. To view the supplemental documents and other documents mentioned in this notice as available in the docket, please follow the instructions described above in the ADDRESSES section. If you do not have access to the Internet, you may view the docket online by visiting the Docket Management Facility in Room W12-140 on the ground floor of the Department of Transportation West Building, 1200 New Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The Coast Guard has an agreement with the Department of Transportation to use the Docket Management Facility.

The Coast Guard encourages the public to participate by submitting comments either in person at the meeting or in writing. The public may submit written comments to Coast Guard personnel at the meeting. The Coast Guard will post these comments to the online public docket. All comments received will be posted without change to http://www.regulations.gov and will include any personal information you have provided.

Privacy Act

Anyone can search the electronic form of comments received into any of the dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). There is a Privacy Act notice regarding the public dockets for review in the January 17, 2008, issue of the Federal Register(73 FR 3316).

Information on Services for Individuals With Disabilities

For information on facilities or services for individuals with disabilities or to request special assistance at the public meeting, contact LT Josephine Long at the telephone number or email address indicated under the FOR FURTHER INFORMATION CONTACT section of this notice.

Authority
This notice is issued under the authority of 5 U.S.C. 552(a).
Dated: December 3, 2014.
Andrew Tucci,
Chief, Office of Port & Facility Compliance, U.S. Coast Guard.
[FR Doc. 2014-29205 Filed 12-11-14; 8:45 am]

BILLING CODE 9110-04-P