News and Events

August 09, 2017

On August 7, 2017, the U.S. Coast Guard ("USCG") Office of Port and Facility Compliance released a "Content Preview of the Passenger Operation Cybersecurity Framework Profile" ("the Preview"). The Preview sets out and describes 13 mission objectives with respect to passenger vessels and [applies] the National Institute of Standards and Technology's (NIST) Cybersecurity Framework ("the Framework") to those mission objectives. The Preview was developed through the collaboration of the USCG, NIST's National Cybersecurity Center of Excellence and various industry stakeholders.

February 16, 2017

NCCoE Project Engineer Julie Snyder will lead the conversation "Understanding the Cyber Challenge" at 9:30am CT at the Four Seasons Hotel in Houston, TX. Featuring oil and gas leaders, this conversation will cover innovative technology trends being adopted by the oil industry and the potential risks they pose to the security of oil networks and infrastructure, and provide insights into how risk is driving industry decision-making and how companies are responding to the need to defend their systems. 

November 18, 2016

 This is interesting as the Coast Guard develops the NVIC and may be a sign of future regulation with regard to cyber security of an asset in the Marine Transportation Sector.  Future profiles may include mobile offshore drilling operations, passenger vessel and terminal operations.  

November 16, 2016

The National Institute of Standards and Technology (NIST) has collaborated with the U.S. Coast Guard and the oil and natural gas industry to develop a cybersecurity document that aims to ensure the safe transfer of hazardous liquids from marine vessels to ground pipelines and vehicles. NIST’s National Cybersecurity Center of Excellence (NCCoE) developed the cybersecurity framework profile in an effort to help risk managers, vessel operators, cyber professionals and operations executives evaluate cyber risks related to the “maritime bulk liquid transfer” process.

November 15, 2016

The U.S. Coast Guard, the National Institute of Standards and Technology and stakeholders in the maritime and oil and natural gas industries have created a “profile” of voluntary guidelines to help secure the computers used to control valves, pumps and sensors used at facilities that transfer liquids on and off of shipping vessels.

November 15, 2016

The U.S. Coast Guard (USCG) oversees approximately 800 waterfront facilities that, among other activities, transfer hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles. These “maritime bulk liquid transfers” increasingly rely on computers to operate valves and pumps, monitor sensors, and perform many other vital safety and security functions. This makes the whole system more vulnerable to cybersecurity issues ranging from malware to human error, and is the reason behind a new voluntary cybersecurity guide for the industry. Maritime bulk liquid transfer processes are part of a complex and sophisticated supply chain of the oil and natural gas industry that brings together various types of organizations and systems. The USCG and industry representatives...

November 14, 2016

The National Institute of Standards and Technology and the U.S. Coast Guard have issued a final version of a cybersecurity “profile” mapping the federal framework of cybersecurity standards to ports that manage hazardous liquids. The document, released Nov. 10, is the first in a series that will provide guidance to the maritime industry in implementing the NIST cybersecurity framework to specific maritime settings.

November 14, 2016

The National Institute of Standards and Technology (NIST) is launching a collaborative project to improve the security of wireless infusion pumps. The goal of the work, which is being conducted by NIST’s National Cybersecurity Center of Excellence (NCCoE), is to create a security structure that can protect the pumps—and the information systems to which they connect—from hacking.

November 14, 2016

The U.S. Coast Guard, the National Institute of Standards and Technology (NIST), and maritime industry stakeholders have developed a voluntary cybersecurity “profile” for maritime bulk liquid transfer (MBLT) facilities. This profile will be released at the American Petroleum Institute’s 11th Annual Cybersecurity Conference in Houston. The profile implements the NIST Cybersecurity Framework, which was developed in 2014 to address and manage cybersecurity risk in a cost-effective way based on business needs and without placing additional regulatory requirements on businesses. The profile is how organizations align the framework’s cybersecurity activities, outcomes, and informative references to organizational business requirements, risk tolerances, and resources.

November 11, 2016

The document is the first in a series of planned profiles that will help maritime industry organizations make the most of the voluntary Framework for Improving Critical Infrastructure Cybersecurity, published by NIST in February 2014. The profile pulls into one document recommended  safeguards to provide a starting point for organizations to review and adapt their risk management processes, and it describes a desired minimum state of cybersecurity.

November 11, 2016

The dangers involved in shifting volatile liquids from ship to shore may not appear to have a cybersecurity angle, but according to the U.S. Coast Guard (USCG) many transfter facilities are computer controlled and thus vulnerable to cyberattack. With this in mind the USCG, National Institute of Standards and Technology (NIST) and the maritime industry came together to create a voluntary framework to help protect these computer systems. 

November 10, 2016

The U.S. Coast Guard (USCG) oversees approximately 800 waterfront facilities that, among other activities, transfer hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles. These “maritime bulk liquid transfers” increasingly rely on computers to operate valves and pumps, monitor sensors and perform many other vital safety and security functions. This makes the whole system more vulnerable to cybersecurity issues ranging from malware to human error, and is the reason behind a new voluntary cybersecurity guide for the industry.

November 09, 2016

The NCCoE will lead  a talk on "Industry/Government Partnership: Cybersecurity through Development of a NIST CSF Profile with US Coast Guard" as part of the NIST Cybersecurity Framework: Use & Deployment session at the 11th Annual Cybersecurity Conference for the Oil & Natural Gas Industry in Houston, Texas on Thursday, November 10, 1:00-2:10 pm CT. 

June 26, 2016

NCCoE Senior Cybersecurity Engineer Jim McCarthy will host the workshop "Remaining Ahead of the Curve: Applying the NIST/NCCoE Energy Sector Practice Guides to the Cyber Security Challenges of the Oil & Gas Industry" at the 4th Annual Cyber Security for Oil & Gas Summit on June 27 at 2:30pm. The summit, held from June 27 - 29 in Houston, TX, will bring together industry experts who will address critical concerns and trends regarding cyber security for the oil & gas industry, and cover how to address these concerns in a down market. Download the full agenda.

April 11, 2016

On April 5, 2016, in coordination with the National Institute of Standards and Technology (NIST) Cybersecurity Framework Workshop 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted a pre-workshop with members of the maritime and oil & natural gas industries to begin identifying and prioritizing cybersecurity challenges facing the industry. This NCCoE-facilitated open session was the first in a series of discussions with this industry sector to help define cybersecurity challenges to address jointly with industry and technology providers in NCCoE labs.

April 07, 2016

A new “profile” mapping the federal framework of cybersecurity standards to the maritime sector is intended to establish a baseline for what the Coast Guard expects from industry on cyber protections, a Coast Guard official said today...The Coast Guard hopes to expand its framework profile work to other maritime subsectors, including offshore drilling, navigation, and commercial vessels, according to Dan Tobin, a senior security engineer at NIST’s National Cybersecurity Center of Excellence, which has assisted the Coast Guard in developing the profile.

The profile creation has resulted from collaboration between the Coast Guard, NIST, and industry, Tobin said.

April 04, 2016

In coordination with the upcoming National Institute of Standards and Technology (NIST) Cybersecurity Framework Workshop 2016, the NCCoE invites interested members of the maritime and oil & natural gas industries to identify and prioritize hard cybersecurity challenges that can be addressed jointly by the NCCoE and industry.

May 14, 2015

Don Tobin, senior security engineer at the NCCoE, will be speaking at the Area Maritime Security Committee Delaware Bay Meeting on May 15, 2015.