IN THE SENATE OF THE UNITED STATES
June 22, 2020
Mr. Markey introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation
To enhance maritime cybersecurity.
This Act may be cited as the
Enhancing Maritime Cybersecurity Act of 2020.
In this section:
The term Administrator means the Administrator of the Maritime Administration.
The term Commandant means the Commandant of the United States Coast Guard.
The term cyber incident has the meaning given the term significant cyber incident in Presidential Policy Directive 41 (July 26, 2016, relating to United States Cyber Incident Coordination).
The term Director means the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.
The term maritime operators means the owners or operators of commercial maritime vessels, the owners or operators of port terminals, and port authorities.
Not later than 2 years after the date of enactment of this Act, the Director, in consultation with the Administrator and the Commandant, shall ensure the availability of a resource, or a consolidated series of resources, to assist maritime operators in identifying, detecting, protecting against, responding to, and recovering from cyber incidents.
In developing the resource under paragraph (1), the Director and the Administrator shall—
use the cybersecurity framework established by the National Institute of Standards and Technology and required by Executive Order 13636 of February 12, 2013 (78 Fed. Reg. 11739; relating to improving critical infrastructure cybersecurity);
use the guidelines on maritime cyber risk management issued by the International Maritime Organization on July 5, 2017, or any successor document;
establish a structured cybersecurity assessment and development program;
consult with appropriate maritime operators, agencies, industry stakeholders, and cybersecurity experts; and
provide for a period of public comment and review on the resource.
Not later than 2 years after the date of enactment of this Act, the Administrator shall designate an office as a
cyber coordinator, which shall be responsible for the following:
Coordinating with the Director and the Commandant on cybersecurity activities for the commercial maritime sector and cyber incidents that affect maritime operators.
Ensuring that maritime operators are aware of available secure methods of notifying the United States Government of cyber incidents.
Notifying the Director and the Commandant of unaddressed cyber incidents that affect maritime operators.
Ensuring that maritime operators have access to educational resources, conducting outreach, and ensuring awareness on fundamental principles and best practices in cybersecurity for maritime systems, including the cyber resource developed under this section.