skip to main content

S. 4023: Enhancing Maritime Cybersecurity Act of 2020


The text of the bill below is as of Jun 22, 2020 (Introduced).


II

116th CONGRESS

2d Session

S. 4023

IN THE SENATE OF THE UNITED STATES

June 22, 2020

introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation

A BILL

To enhance maritime cybersecurity.

1.

Short title

This Act may be cited as the Enhancing Maritime Cybersecurity Act of 2020.

2.

Maritime Cybersecurity

(a)

Definitions

In this section:

(1)

Administrator

The term Administrator means the Administrator of the Maritime Administration.

(2)

Commandant

The term Commandant means the Commandant of the United States Coast Guard.

(3)

Cyber incident

The term cyber incident has the meaning given the term significant cyber incident in Presidential Policy Directive 41 (July 26, 2016, relating to United States Cyber Incident Coordination).

(4)

Director

The term Director means the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.

(5)

Maritime operators

The term maritime operators means the owners or operators of commercial maritime vessels, the owners or operators of port terminals, and port authorities.

(b)

Cybersecurity resources

(1)

In general

Not later than 2 years after the date of enactment of this Act, the Director, in consultation with the Administrator and the Commandant, shall ensure the availability of a resource, or a consolidated series of resources, to assist maritime operators in identifying, detecting, protecting against, responding to, and recovering from cyber incidents.

(2)

Development

In developing the resource under paragraph (1), the Director and the Administrator shall—

(A)

use the cybersecurity framework established by the National Institute of Standards and Technology and required by Executive Order 13636 of February 12, 2013 (78 Fed. Reg. 11739; relating to improving critical infrastructure cybersecurity);

(B)

use the guidelines on maritime cyber risk management issued by the International Maritime Organization on July 5, 2017, or any successor document;

(C)

establish a structured cybersecurity assessment and development program;

(D)

consult with appropriate maritime operators, agencies, industry stakeholders, and cybersecurity experts; and

(E)

provide for a period of public comment and review on the resource.

(c)

Cyber coordinator

Not later than 2 years after the date of enactment of this Act, the Administrator shall designate an office as a cyber coordinator, which shall be responsible for the following:

(1)

Coordinating with the Director and the Commandant on cybersecurity activities for the commercial maritime sector and cyber incidents that affect maritime operators.

(2)

Ensuring that maritime operators are aware of available secure methods of notifying the United States Government of cyber incidents.

(3)

Notifying the Director and the Commandant of unaddressed cyber incidents that affect maritime operators.

(4)

Ensuring that maritime operators have access to educational resources, conducting outreach, and ensuring awareness on fundamental principles and best practices in cybersecurity for maritime systems, including the cyber resource developed under this section.