Guidance on Maritime Cybersecurity Standards, 75574-75575 [2014-29658]
Download as PDF
<![CDATA[
75574
Federal Register / Vol. 79, No. 243 / Thursday, December 18, 2014 / Notices
Properly filed competing applications
for a license filed in response to this
notice will be treated as objections to
the contemplated license. Comments
and objections submitted in response to
this notice will not be made available
for public inspection, and, to the extent
permitted by law, will not be released
under the Freedom of Information Act,
5 U.S.C. 552.
Dated: December 11, 2014.
Richard U. Rodriguez,
Acting Director, Office of Technology
Transfer, National Institutes of Health.
[FR Doc. 2014–29572 Filed 12–17–14; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HOMELAND
SECURITY
Coast Guard
[Docket No. USCG–2014–1020]
Guidance on Maritime Cybersecurity
Standards
Coast Guard, DHS.
Notice with request for
comments.
AGENCY:
ACTION:
The Coast Guard is
developing policy to help vessel and
facility operators identify and address
cyber-related vulnerabilities that could
contribute to a Transportation Security
Incident. Coast Guard regulations
require certain vessel and facility
operators to conduct security
assessments, and to develop security
plans that address vulnerabilities
identified by the security assessment.
The Coast Guard is seeking public input
from the maritime industry and other
interested parties on how to identify
and mitigate potential vulnerabilities to
cyber-dependent systems. The Coast
Guard will consider these public
comments in developing relevant
guidance, which may include standards,
guidelines, and best practices to protect
maritime critical infrastructure.
DATES: Comments must be submitted to
the online docket via https://
www.regulations.gov, or reach the
Docket Management Facility, on or
before February 17, 2015.
ADDRESSES: Submit comments using one
of the listed methods, and see
SUPPLEMENTARY INFORMATION for more
information on public comments.
• Online—https://www.regulations.gov
following Web site instructions.
• Fax—202–493–2251.
• Mail or hand deliver—Docket
Management Facility (M–30), U.S.
Department of Transportation, West
Building Ground Floor, Room W12–140,
mstockstill on DSK4VPTVN1PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
19:23 Dec 17, 2014
Jkt 235001
1200 New Jersey Avenue SE.,
Washington, DC 20590–0001. Hours for
hand delivery are 9 a.m. to 5 p.m.,
Monday through Friday, except Federal
holidays (telephone 202–366–9329).
FOR FURTHER INFORMATION CONTACT: For
information about this document call or
email LT Josephine Long, Coast Guard;
telephone 202–372–1109, email
Josephine.A.Long@uscg.mil or LCDR
Joshua Rose, Coast Guard; 202–372–
1106, email Joshua.D.Rose@uscg.mil.
For information about viewing or
submitting material to the docket, call
Cheryl Collins, Program Manager,
Docket Operations, telephone 202–366–
9826, toll free 1–800–647–5527.
SUPPLEMENTARY INFORMATION:
Public Participation and Comments
We encourage you to submit
comments (or related material) on the
questions listed below. We will consider
all submissions and may adjust our final
policy actions based on your comments.
Comments should be marked with
docket number USCG–2014–1020, and
should provide a reason for each
suggestion or recommendation. You
should provide personal contact
information so that we can contact you
if we have questions regarding your
comments; but please note that all
comments will be posted to the online
docket without change and that any
personal information you include can be
searchable online (see the Federal
Register Privacy Act notice regarding
our public dockets, 73 FR 3316, Jan. 17,
2008).
Mailed or hand-delivered comments
should be in an unbound 81⁄2 x 11 inch
format suitable for reproduction. The
Docket Management Facility will
acknowledge receipt of mailed
comments if you enclose a stamped,
self-addressed postcard or envelope
with your submission.
Documents mentioned in this notice,
and all public comments, are in our
online docket at https://
www.regulations.gov and can be viewed
by following the Web site’s instructions.
You can also view the docket at the
Docket Management Facility (see the
mailing address under ADDRESSES)
between 9 a.m. and 5 p.m., Monday
through Friday, except Federal holidays.
Discussion
The Coast Guard is developing policy
to help vessel and facility operators
identify and address cyber-related
vulnerabilities that could contribute to a
Transportation Security Incident (TSI).1
1 A Transportation Security Incident is defined in
33 CFR 101.105 to mean ‘‘a security incident
resulting in a significant loss of life, environmental
PO 00000
Frm 00044
Fmt 4703
Sfmt 4703
Coast Guard regulations require certain
vessel and facility operators to conduct
security assessments, and to develop
security plans that address
vulnerabilities identified by the security
assessment.2 Vessel and facility security
plans must also address specific
security functions, including the
following:
• Communications
• Security Training Requirements
• Procedures for vessel/facility
interfacing
• Declaration of Security
• Security Systems and Equipment
Maintenance
• Security Measures for Access Control
• Security Measures for Handling Cargo
• Security Measures for Monitoring
• Security Incident Procedures
The Coast Guard is seeking public input
on the following questions:
(1) What cyber-dependent systems,
commonly used in the maritime
industry, could lead or contribute to a
TSI if they failed, or were exploited by
an adversary?
(2) What procedures or standards do
vessel and facility operators now
employ to identify potential
cybersecurity vulnerabilities to their
operations?
(3) Are there existing cybersecurity
assurance programs in use by industry
that the Coast Guard could recognize? If
so, to what extent do these programs
address vessel or facility systems that
could lead to a TSI?
(4) To what extent do current security
training programs for vessel and facility
personnel address cybersecurity risks
and best practices?
(5) What factors should determine
when manual backups or other nontechnical approaches are sufficient to
address cybersecurity vulnerabilities?
(6) How can the Coast Guard leverage
Alternative Security Programs 3 to help
vessel and facility operators address
cybersecurity risks?
(7) How can vessel and facility
operators reliably demonstrate to the
Coast Guard that critical cyber-systems
meet appropriate technical or
procedural standards?
(8) Do classification societies,
protection and indemnity clubs, or
insurers recognize cybersecurity best
practices that could help the maritime
industry and the Coast Guard address
damage, transportation system disruption, or
economic disruption in a particular area.’’
2 33 CFR parts 104 and 105, subparts C and D.
3 An Alternative Security Program is defined in
33 CFR 101.105 to mean ‘‘a third-party or industry
organization developed standard that the
Commandant [of the Coast Guard] has determined
provides an equivalent level of security to that
established by [33 CFR Chapter I, Subchapter H].’’
E:\FR\FM\18DEN1.SGM
18DEN1
Federal Register / Vol. 79, No. 243 / Thursday, December 18, 2014 / Notices
cybersecurity risks? (See also https://
www.dhs.gov/publication/cybersecurityinsurance.)
Authority
This notice is issued under the
authority of 5 U.S.C. 552(a).
Dated: December 12, 2014.
Captain Andrew Tucci,
Chief, Office of Port & Facility Compliance,
U.S. Coast Guard.
[FR Doc. 2014–29658 Filed 12–17–14; 8:45 am]
BILLING CODE 9110–04–P
DEPARTMENT OF HOMELAND
SECURITY
Federal Emergency Management
Agency
[Docket No. FEMA–2014–0002; Internal
Agency Docket No. FEMA–B–1436]
Proposed Flood Hazard
Determinations
report for each community are
accessible online through the FEMA
Map Service Center at
www.msc.fema.gov for comparison.
You may submit comments, identified
by Docket No. FEMA–B–1436, to Luis
Rodriguez, Chief, Engineering
Management Branch, Federal Insurance
and Mitigation Administration, FEMA,
500 C Street SW., Washington, DC
20472, (202) 646–4064, or (email)
Luis.Rodriguez3@fema.dhs.gov.
FOR FURTHER INFORMATION CONTACT: Luis
Rodriguez, Chief, Engineering
Management Branch, Federal Insurance
and Mitigation Administration, FEMA,
500 C Street SW., Washington, DC
20472, (202) 646–4064 or (email)
Luis.Rodriguez3@fema.dhs.gov; or visit
the FEMA Map Information eXchange
(FMIX) online at
www.floodmaps.fema.gov/fhm/fmx_
main.html.
FEMA
proposes to make flood hazard
determinations for each community
listed in the table below, in accordance
with Section 110 of the Flood Disaster
Protection Act of 1973, 42 U.S.C. 4104,
and 44 CFR 67.4(a).
These proposed flood hazard
determinations, together with the
floodplain management criteria required
by 44 CFR 60.3, are the minimum that
are required. They should not be
construed to mean that the community
must change any existing ordinances
that are more stringent in their
floodplain management requirements.
The community may at any time enact
stricter requirements of its own, or
pursuant to policies established by other
Federal, State, or regional entities.
These flood hazard determinations are
used to meet the floodplain
management requirements of the NFIP
and are also used to calculate the
appropriate flood insurance premium
rates for new buildings built after the
FIRM and FIS report become effective.
Use of a Scientific Resolution Panel
(SRP) is available to communities in
SUPPLEMENTARY INFORMATION:
Federal Emergency
Management Agency; DHS.
ACTION: Notice; correction.
AGENCY:
On November 3, 2014, FEMA
published in the Federal Register a
proposed flood hazard determination
notice that contained an erroneous
table. This notice provides corrections
to that table, to be used in lieu of the
information published at 79 FR 65231.
The table provided here represents the
proposed flood hazard determinations
and communities affected for the East
Nishnabotna Watershed.
DATES: Comments are to be submitted
on or before March 18, 2015.
ADDRESSES: The Preliminary Flood
Insurance Rate Map (FIRM), and where
applicable, the Flood Insurance Study
(FIS) report for each community are
available for inspection at both the
online location and the respective
Community Map Repository address
listed in the table below. Additionally,
the current effective FIRM and FIS
SUMMARY:
75575
support of the appeal resolution
process. SRPs are independent panels of
experts in hydrology, hydraulics, and
other pertinent sciences established to
review conflicting scientific and
technical data and provide
recommendations for resolution. Use of
the SRP may only be exercised after
FEMA and local communities have been
engaged in a collaborative consultation
process for at least 60 days without a
mutually acceptable resolution of an
appeal. Additional information
regarding the SRP process can be found
online at https://floodsrp.org/pdfs/srp_
fact_sheet.pdf.
The communities affected by the
flood hazard determinations are
provided in the table below. Any
request for reconsideration of the
revised flood hazard determinations
shown on the Preliminary FIRM and FIS
report that satisfies the data
requirements outlined in 44 CFR 67.6(b)
is considered an appeal. Comments
unrelated to the flood hazard
determinations will also be considered
before the FIRM and FIS report are
made final.
Correction
In the proposed flood hazard
determination notice published at 79 FR
65230 in the November 3, 2014, issue of
the Federal Register, FEMA published a
table titled East Nishnobta Watershed.
This table contained inaccurate
information as to the spelling for the
watershed name.
In this document, FEMA is publishing
a table containing the accurate
information. The information provided
below should be used in lieu of that
previously published.
(Catalog of Federal Domestic Assistance No.
97.022, ‘‘Flood Insurance.’’)
Dated: November 24, 2014.
Roy E. Wright,
Deputy Associate Administrator for
Mitigation, Department of Homeland
Security, Federal Emergency Management
Agency.
EAST NISHNABOTNA WATERSHED
Community
Community map repository address
Audubon County, Iowa, and Incorporated Areas
mstockstill on DSK4VPTVN1PROD with NOTICES
Maps Available for Inspection Online at: https://www.fema.gov/preliminaryfloodhazarddata
City
City
City
City
of
of
of
of
Audubon ........................................................................................
Brayton ..........................................................................................
Exira ..............................................................................................
Gray ..............................................................................................
City of Kimballton .....................................................................................
Unincorporated Areas of Audubon County ..............................................
VerDate Sep<11>2014
19:23 Dec 17, 2014
Jkt 235001
PO 00000
Frm 00045
Fmt 4703
City Hall,
City Hall,
City Hall,
Audubon
50025.
City Hall,
Audubon
50025.
Sfmt 4703
410 North Park Place, Audubon, IA 50025.
202 County Trunk Road, Brayton, IA 50042.
108 East Washington Street, Exira, IA 50076.
County Courthouse, 318 Leroy Street, Suite 4, Audubon, IA
116 North Main Street, Kimballton, IA 51543.
County Courthouse, 318 Leroy Street, Suite 4, Audubon, IA
E:\FR\FM\18DEN1.SGM
18DEN1
]]>Agencies
[Federal Register Volume 79, Number 243 (Thursday, December 18, 2014)]
[Notices]
[Pages 75574-75575]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-29658]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Coast Guard
[Docket No. USCG-2014-1020]
Guidance on Maritime Cybersecurity Standards
AGENCY: Coast Guard, DHS.
ACTION: Notice with request for comments.
-----------------------------------------------------------------------
SUMMARY: The Coast Guard is developing policy to help vessel and
facility operators identify and address cyber-related vulnerabilities
that could contribute to a Transportation Security Incident. Coast
Guard regulations require certain vessel and facility operators to
conduct security assessments, and to develop security plans that
address vulnerabilities identified by the security assessment. The
Coast Guard is seeking public input from the maritime industry and
other interested parties on how to identify and mitigate potential
vulnerabilities to cyber-dependent systems. The Coast Guard will
consider these public comments in developing relevant guidance, which
may include standards, guidelines, and best practices to protect
maritime critical infrastructure.
DATES: Comments must be submitted to the online docket via https://www.regulations.gov, or reach the Docket Management Facility, on or
before February 17, 2015.
ADDRESSES: Submit comments using one of the listed methods, and see
SUPPLEMENTARY INFORMATION for more information on public comments.
Online--https://www.regulations.gov following Web site
instructions.
Fax--202-493-2251.
Mail or hand deliver--Docket Management Facility (M-30),
U.S. Department of Transportation, West Building Ground Floor, Room
W12-140, 1200 New Jersey Avenue SE., Washington, DC 20590-0001. Hours
for hand delivery are 9 a.m. to 5 p.m., Monday through Friday, except
Federal holidays (telephone 202-366-9329).
FOR FURTHER INFORMATION CONTACT: For information about this document
call or email LT Josephine Long, Coast Guard; telephone 202-372-1109,
email Josephine.A.Long@uscg.mil or LCDR Joshua Rose, Coast Guard; 202-
372-1106, email Joshua.D.Rose@uscg.mil. For information about viewing
or submitting material to the docket, call Cheryl Collins, Program
Manager, Docket Operations, telephone 202-366-9826, toll free 1-800-
647-5527.
SUPPLEMENTARY INFORMATION:
Public Participation and Comments
We encourage you to submit comments (or related material) on the
questions listed below. We will consider all submissions and may adjust
our final policy actions based on your comments. Comments should be
marked with docket number USCG-2014-1020, and should provide a reason
for each suggestion or recommendation. You should provide personal
contact information so that we can contact you if we have questions
regarding your comments; but please note that all comments will be
posted to the online docket without change and that any personal
information you include can be searchable online (see the Federal
Register Privacy Act notice regarding our public dockets, 73 FR 3316,
Jan. 17, 2008).
Mailed or hand-delivered comments should be in an unbound 8\1/2\ x
11 inch format suitable for reproduction. The Docket Management
Facility will acknowledge receipt of mailed comments if you enclose a
stamped, self-addressed postcard or envelope with your submission.
Documents mentioned in this notice, and all public comments, are in
our online docket at https://www.regulations.gov and can be viewed by
following the Web site's instructions. You can also view the docket at
the Docket Management Facility (see the mailing address under
ADDRESSES) between 9 a.m. and 5 p.m., Monday through Friday, except
Federal holidays.
Discussion
The Coast Guard is developing policy to help vessel and facility
operators identify and address cyber-related vulnerabilities that could
contribute to a Transportation Security Incident (TSI).\1\ Coast Guard
regulations require certain vessel and facility operators to conduct
security assessments, and to develop security plans that address
vulnerabilities identified by the security assessment.\2\ Vessel and
facility security plans must also address specific security functions,
including the following:
---------------------------------------------------------------------------
\1\ A Transportation Security Incident is defined in 33 CFR
101.105 to mean ``a security incident resulting in a significant
loss of life, environmental damage, transportation system
disruption, or economic disruption in a particular area.''
\2\ 33 CFR parts 104 and 105, subparts C and D.
Communications
Security Training Requirements
Procedures for vessel/facility interfacing
Declaration of Security
Security Systems and Equipment Maintenance
Security Measures for Access Control
Security Measures for Handling Cargo
Security Measures for Monitoring
Security Incident Procedures
The Coast Guard is seeking public input on the following questions:
(1) What cyber-dependent systems, commonly used in the maritime
industry, could lead or contribute to a TSI if they failed, or were
exploited by an adversary?
(2) What procedures or standards do vessel and facility operators
now employ to identify potential cybersecurity vulnerabilities to their
operations?
(3) Are there existing cybersecurity assurance programs in use by
industry that the Coast Guard could recognize? If so, to what extent do
these programs address vessel or facility systems that could lead to a
TSI?
(4) To what extent do current security training programs for vessel
and facility personnel address cybersecurity risks and best practices?
(5) What factors should determine when manual backups or other non-
technical approaches are sufficient to address cybersecurity
vulnerabilities?
(6) How can the Coast Guard leverage Alternative Security Programs
\3\ to help vessel and facility operators address cybersecurity risks?
---------------------------------------------------------------------------
\3\ An Alternative Security Program is defined in 33 CFR 101.105
to mean ``a third-party or industry organization developed standard
that the Commandant [of the Coast Guard] has determined provides an
equivalent level of security to that established by [33 CFR Chapter
I, Subchapter H].''
---------------------------------------------------------------------------
(7) How can vessel and facility operators reliably demonstrate to
the Coast Guard that critical cyber-systems meet appropriate technical
or procedural standards?
(8) Do classification societies, protection and indemnity clubs, or
insurers recognize cybersecurity best practices that could help the
maritime industry and the Coast Guard address
[[Page 75575]]
cybersecurity risks? (See also https://www.dhs.gov/publication/cybersecurity-insurance.)
Authority
This notice is issued under the authority of 5 U.S.C. 552(a).
Dated: December 12, 2014.
Captain Andrew Tucci,
Chief, Office of Port & Facility Compliance, U.S. Coast Guard.
[FR Doc. 2014-29658 Filed 12-17-14; 8:45 am]
BILLING CODE 9110-04-P
