USCG updates cyber compliance timeline for non-SMS US vessels
Further to the club’s previous news item, the United States Coast Guard (USCG) has updated the Vessel Cyber Risk Management Work Instruction (CVC-WI-027(2)) to include a compliance timeline and inspection process for non-Safety Management System vessels that are subject to the Marine Transportation Safety Act of 2002.
These vessels are required to address cybersecurity vulnerabilities within their Vessel Security Assessment no later than 31 December 2021.
The attached document highlights the basic questions to be asked by Marine Inspectors during Maritime Transportation Security Act (MTSA) verification procedures, the first of which is to check whether the Vessel Security Plan (VSP) addresses measures taken to address cybersecurity vulnerabilities and whether those measures are now in place. If those measures have not been highlighted in the plan and put into practice the issue may be escalated with the designated Com