In October, the Cybersecurity and Infrastructure Security Agency released its Cybersecurity Performance Goals (CPGs) and metrics designed to help entities in industrial sectors improve their cybersecurity posture. The CPGs were required by President Biden via a national security memo on improving cybersecurity for critical infrastructure control systems. These performance goals, created in coordination between government and private industry, are based on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) and represent a “quick start guide” for organizations of all sizes to address Information Technology (IT)/Operational Technology (OT) cybersecurity.
Cyber-related risks are a growing portion of the vulnerabilities facing the Marine Transportation System (MTS). Cyber technologies enable the MTS to operate with an impressive record of reliability and at a capacity that drives the U.S. economy and supports national defense, homeland security, and related needs. While cyber systems create benefits, they also introduce risk. Exploitation, misuse, or failure of cyber systems could cause harm to the marine environment or disrupt vital trade activity. Even a temporary or partial disruption of MTS operations could have serious consequences. As a result, cyber risk management has become increasingly important. The CPGs represent another resource for critical infrastructure stakeholders to utilize to improve their cyber resilience, and reflects the continued cooperation and collaboration across government agencies and industry.
CISA’s official announcement can be found at https://www.dhs.gov/news/2022/10/27/dhs-announces-new-cybersecurity-performance-goals-critical-infrastructure.
The actual CPGs can be found at https://www.cisa.gov/cpg
This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official publications, such as the Federal Register, Homeport and the Code of Federal Regulations. These publications remain the official source for regulatory information published by the Coast Guard.