The U.S. Coast Guard, National Institute of Standards and Technology (NIST), and maritime industry stakeholders have developed a voluntary cybersecurity “profile” for maritime bulk liquid transfer facilities.

The document collects recommended cybersecurity safeguards as they pertain to the transfer of hazardous liquids between marine vessels and land-based pipelines, tanks, or vehicles.

According to NIST, maritime bulk liquid transfers increasingly rely on computers to operate valves and pumps, monitor sensors, and perform many other vital safety and security functions. This set-up makes the system more vulnerable to cybersecurity issues ranging from malware to human error.

The profile addresses the need for security controls on operational technologies.The profile is aimed at operations executives, risk managers, cybersecurity professionals, and vessel operators. It addresses the need for security controls on operational technologies such as storage, transfer, pressure and vapor monitoring, emergency response, and spill mitigation systems.

"These facilities face inherent cybersecurity vulnerabilities, and the Coast Guard hopes this profile will assist organizations with mitigating them and provide a long-term process for developing an internal cyber risk management program,” says Lieutenant Commander Josephine Long, a marine safety expert in the Critical Infrastructure Branch within the Coast Guard’s Office of Port and Facility Compliance.

According to Long, the Coast Guard expects to work with NIST to build four additional profiles. The next two will address passenger vessel and terminal operations, as well as mobile offshore drilling operations.