In 2013, President Obama issued Executive Order 13636 and directed the Director of the National Institute of Standards and Technology (NIST) to "lead the development of a framework to reduce cybersecurity risks to critical infrastructure" (Cybersecurity Framework). The Cybersecurity Framework was published in February 2014. A number of industries are integrating the Cybersecurity Framework, including by creating industry-focused Framework Profiles (Profiles) as described in the Cybersecurity Framework.

This month, NIST and the United States Coast Guard (USCG) released a "Maritime Bulk Liquids Transfer Cybersecurity Framework Profile" (Bulk Liquids Transfer Profile) to address the vulnerabilities in the transfer process of bulk hazardous liquids in the maritime industry. These transfers are often a part of a sophisticated supply chain that uses multiple networked systems, and is therefore vulnerable to attack. The new profile serves to assist in cybersecurity risk assessments for those entities involved in maritime bulk liquids transfer operations as overseen by the USCG, and is intended to act as "non-mandatory guidance to organizations conducting" maritime bulk liquids transfer operations within facilities and vessels under the regulatory control of the USCG under the Code of Federal Regulations 33 CFR 154-156.

The stated benefits of creating the new Bulk Liquids Transfer Profile include:

  • Compliance reporting becoming a byproduct of running an organization's security operation;
  • Adding new security requirements will become more straightforward;
  • Adding or changing operational methodology will be less intrusive to ongoing operations;
  • Minimizing future work by future organizations;
  • Decreasing the chance that organizations will accidentally omit a requirement;
  • Facilitating understanding of the bulk liquid transfers environment to allow for consistent analysis of cybersecurity-risk; and
  • Aligning industry and USCG cybersecurity priorities.

Other benefits include strengthening strategic communications between:

  • Risk executives and operational technology integration of cybersecurity capabilities;
  • Personnel involved in cybersecurity governance processes and operational technology oversight; and
  • Enterprises who are just becoming aware of cybersecurity recommended practices with subject matter expertise and the collective wisdom of industry experts.

The new profile can be found here.

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.