Government Agencies to Monitor Offshore Marine, Energy Sector Cyber Threats
Cybersecurity is attaining the same level of importance that health, safety and environment issues have in oil and gas over the past 20 years. Over the past 18 months, the U.S. federal government also has undertaken a series of actions regarding cybersecurity issues in the oil and gas sector, Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown LLP, told Rigzone. Through different agencies and the executive branch, the federal government has sought to encourage the private sector to create a more robust cybersecurity network.
Late last year, the U.S. Department of Homeland Security and the U.S. Coast Guard announced that they would develop cybersecurity regulations for the marine and offshore energy sectors. These regulations would address concerns over cyberrisks and vulnerabilities among vessels and facilities subject to the Maritime Transportation Security Act of 2002.
The regulations will create standards and minimum requirements for companies working in the marine and offshore energy industries. Legge said his firm anticipates that some of the proposed regulatory requirements will be drawn from industry cybersecurity standards, as well as recommendations created by the National Institute of Standards and Technology (NIST), a non-regulatory branch of the U.S. Department of Commerce.
Prior to this order, most of the existing regulations have been focused on data breach events, such as the theft of credit card and Social Security numbers, instead of a cyber-attack on offshore infrastructure.
“Unlike exercising oversight over other marine and offshore energy activities, regulating cybersecurity will be very challenging, as industry standards in this area are continually evolving at a rapid rate in response to ever-changing cyber threats,” according to the law firm’s February 2015 newsletter. “The new regulatory framework will have to have some degree of adaptability to oversee cybersecurity in an evolving threat environment.”
Both agencies have asked for comments from industry stakeholders, insurers, protection and indemnity insurance clubs and classification societies. The deadline for comments has been extended to April 15 of this year.
The decision of both agencies to take action may have been partly caused by a June 2014 General Accounting Office (GAO) report that was critical of DHS and USCG on cybersecurity. The report addressed port cybersecurity, but used the Maritime Transportation Security Act (MTSA) as a reference guide to determine the scope of vessels and facilities that will be subject to cybersecurity regulations.
View Full Article
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.