CORE-Observatory

Comentario de “Protección de la Infraestructura Crítica Marítima – El Departamento de Seguridad Nacional necesita dirigir mejor la seguridad cibernética Portuaria”, Informe al Presidente, Comisión de Comercio, Ciencia y Transporte, Senado de los Estados Unidos, Oficina de Rendición de Cuentas del Gobierno de los Estados Unidos, junio de 2014 (CORE1098)

Resumen: Las medidas adoptadas por el Departamento de Seguridad Nacional (DHS, por sus siglas en inglés) y dos de las agencias que lo componen, la Guardia Costera de los Estados Unidos y la Agencia Federal para el Manejo de Emergencias (FEMA, por sus siglas en inglés), así como otras agencias federales, para hacer frente a la seguridad cibernética en el entorno marítimo portuario, han sido limitadas. Reporte disponible (en inglés) en: http://www.gao.gov/assets/670/663828.pdf

[s2If is_user_logged_in()]

Full review: While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities, and consequences. Coast Guard officials stated that they intend to conduct such an assessment in the future, but did not provide details to show how it would address cybersecurity. Until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.

Maritime security plans required by law and regulation generally did not identify or address potential cyber-related threats or vulnerabilities. This was because the guidance issued by Coast Guard for developing these plans did not require cyber elements to be addressed. Officials stated that guidance for the next set of updated plans, due for update in 2014, will include cybersecurity requirements. However, in the absence of a comprehensive risk assessment, the revised guidance may not adequately address cyber-related risks to the maritime environment.

The degree to which information-sharing mechanisms (e.g., councils) were active and shared cybersecurity-related information varied. Specifically, the Coast Guard established a government coordinating council to share information among government entities, but it is unclear to what extent this body has shared information related to cybersecurity. In addition, a sector coordinating council for sharing information among nonfederal stakeholders is no longer active, and the Coast Guard has not convinced stakeholders to reestablish it. Until the Coast Guard improves these mechanisms, maritime stakeholders in different locations are at greater risk of not being aware of, and thus not mitigating, cyber-based threats.

Under a program to provide security-related grants to ports, FEMA identified enhancing cybersecurity capabilities as a funding priority for the first time in fiscal year 2013 and has provided guidance for cybersecurity-related proposals. However, the agency has not consulted cybersecurity-related subject matter experts to inform the multi-level review of cyber-related proposals—partly because FEMA has downsized the expert panel that reviews grants. Also, because the Coast Guard has not assessed cyber-related risks in the maritime risk assessment, grant applicants and FEMA have not been able to use this information to inform funding proposals and decisions. As a result, FEMA is limited in its ability to ensure that the program is effectively addressing cyber-related risks in the maritime environment.

Why GAO Did This Study? U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems, which are susceptible to cyber-related threats. Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce. Federal agencies—in particular DHS—and industry stakeholders have specific roles in protecting maritime facilities and ports from physical and cyber threats. GAO’s objective was to identify the extent to which DHS and other stakeholders have taken steps to address cybersecurity in the maritime port environment. GAO examined relevant laws and regulations; analyzed federal cybersecurity-related policies and plans; observed operations at three U.S. ports selected based on being a high-risk port and a leader in calls by vessel type, e.g. container; and interviewed federal and nonfederal officials.

What GAO Recommends? GAO recommends that DHS direct the Coast Guard to (1) assess cyber-related risks, (2) use this assessment to inform maritime security guidance, and (3) determine whether the sector coordinating council should be reestablished. DHS should also direct FEMA to (1) develop procedures to consult DHS cybersecurity experts for assistance in reviewing grant proposals and (2) use the results of the cyber-risk assessment to inform its grant guidance. DHS concurred with GAO’s recommendations.

Full citation:  “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014.

CORE1098

Keywords: Maritime Security, Port Security, Cyber – Security, CBP U.S. – Customs and Border Protection, Coast Guard U.S., DHS-Department of Homeland Security, FEMA-Federal Emergency Management Agency, ISAC-information sharing and analysis center, IT-information technology, MTSA-Maritime Transportation Security Act of 2002, NIPP-National Infrastructure Protection Plan, AFE Port Act-Security and Accountability for Every Port Act of 2006, TSA-Transportation Security Administration

[/s2If]

Comentario de Consideración y Adopción de Enmiendas al Convenio Internacional para la Seguridad de la Vida Humana en el Mar, 1974, Organización Marítima Internacional (CORE1097)

Resumen: El Código Internacional de para la Protección de Buques e Instalaciones Portuarias (PBIP o ISPS, por sus siglas en inglés) establece nuevos estándares de seguridad para buques en el mar, así como las instalaciones portuarias de todo el mundo. Su objetivo es realizar actividades de transporte marítimo más seguras contra las amenazas del terrorismo, la piratería y el contrabando. La seguridad en el mar ha sido una preocupación para gobiernos, compañías navieras, autoridades portuarias, y exportadores e importadores a lo largo de los años. Los ataques terroristas del 11 de septiembre de 2001, fueron catalizadores para la formalización de nuevas y rigurosas medidas. En diciembre de 2002, la Organización Marítima Internacional (OMI), organización especializada de la Naciones Unidas (UN), realizó una conferencia para discutir temas relacionados con la seguridad en el mar. En este conferencia, los representantes de 150 naciones (los estados miembros), participaron en la redacción de las enmiendas a la Convención Internacional para la Seguridad de la Vida Humana en el Mar (SOLAS, en inglés) y se adoptó el Código PBIP. Los cambios a la Convención SOLAS incluyen enmiendas a los capítulos V y Xi, y el Capítulo XI fue dividido en los Capítulos XI-1 y XI-2. El Código, por su parte, está dividido en dos partes. La Parte A presenta los requisitos obligatorios y la Parte B contiene orientación con respecto a las disposiciones del capítulo XI-2 del Convenio y la Parte A del Código. Reporte disponible (en inglés) en: http://www.un.org/en/sc/ctc/docs/bestpractices/32.pdf

[s2If is_user_logged_in()]

Full review: The Code aims, among other things, to establish an international framework for co-operation between Contracting Governments, government agencies, local administrations and the shipping and port industries to detect security threats and take preventive measures against security incidents affecting ships or port facilities used in international trade and to establish relevant roles and responsibilities at the national and international level. ISPS provisions relating to port facilities relate solely to the ship/port interface. Also, ISPS provisions do not extend to the actual response to attacks or to any necessary clear-up activities after such an attack. In addition, for each ship and port authority affected, the ISPS Code requires:

  • The implementation of a Ship Security Plan (SSP),
  • The implementation of a Port Facility Security Plan (PFSP),
  • The appointment of a Ship Security Officer (SSO),
  • The appointment of a Company Security Officer (CSO),
  • The appointment of a Port Facility Security Officer (PFSO),
  • The installation of ship alarms, and
  • The installation of shipboard Automatic Identification Systems (AIS).

Enforcement Date: The ISPS Code went into effect on July 1, 2004.

Full citation:   Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, International Maritime Organization. SOLAS/CONF.5/32. 12 December 2002

CORE1097

Keywords: Maritime Security, Port Security, Ship Security Plan (SSP), Port Facility Security Plan (PFSP), Ship Security Officer (SSO), Port Facility Security Officer (PFSO), International Maritime Organization (IMO), Safety of Life at Sea (SOLAS).

[/s2If]

Comentario “Plan para una única área de transporte europeo- Hacia un sistema de transporte competitivo y eficiente en los recursos” [COM (2011) 144 final], (CORE1029).

Resumen: En este White Paper, la Comisión se dispone a eliminar los principales obstáculos y cuellos de botella en muchas áreas clave a través de los campos de la infraestructura de transporte y la inversión, la innovación y el mercado interior. El objetivo es crear un área única de transporte europeo con una mayor competencia y una red de transporte totalmente integrada que une los diferentes modos y permite un profundo cambio en los patrones de transporte de pasajeros y carga. Para este propósito, la hoja de ruta presenta 40 iniciativas concretas para la próxima década, se explican en detalle en el documento de trabajo de la Comisión que acompaña el White Paper. Tiene algunos  antecedentes relevantes para el CORE, ya que propone iniciativas para construir un sistema de transporte competitivo que preserve la movilidad, elimine los principales obstáculos en áreas clave y alimente el crecimiento y el empleo. Los archivos originales se codifican en la biblioteca electrónica como CORE1029.