On 22 February, the U.S. Coast Guard released its anticipated Notice of Proposed Rulemaking (NPRM) addressing Cybersecurity in the Marine Transportation System. Release of this NPRM comes on the heels of the Presidential Executive Order issued the day before, granting expanded authorities to the Coast Guard in support of cyber risk mitigation in the maritime domain. Included in the Executive Order are enhancements to provisions found in the Code of Federal Regulations Title 33, Part 6 providing for the Protection and Security of Vessels, Harbors, and Waterfront Facilities.
The Coast Guard is using the updated “super six” regulations to create new rules, and these changes are part of the measures outlined in the 22 February NPRM. Of particular note for offshore activities are the forthcoming changes to Code of Federal Regulations Title 33, Part 106 regarding Marine Security: Outer Continental Shelf (OCS) Facilities. While changes to the Outer Continental Shelf regulations will primarily affect production facilities, drilling activities and the broader upstream supply chain will likely experience indirect administrative and procedural demands in support of mandated cyber risk mitigation requirements.
IADC and other upstream associations will participate in the consultation process to ensure the proposed actions significantly improve and maintain safety for offshore operations. On a similar note, IADC expects an additional NPRM to be published in the near term from BSEE that will further address additional cyber risk drilling and production concerns. The IADC Cybersecurity Committee is currently working on revising its existing Guidelines for Baseline Cybersecurity for Drilling Assets. This effort will expand the scope of the guidelines to include the broader upstream supply-chain. All interested stakeholders are encouraged to contact IADC’s Jim Rocco at jim.rocco@iadc.org to join the IADC Cybersecurity Committee participant group to progress this revision effort.
