On July 11, 2017, the US Coast Guard (USCG) and the Department of Homeland Security (DHS) proposed new cybersecurity draft guidelines for Maritime Transportation Security Act (MTSA) regulated facilities. The guidelines follow the White House’s May 2017 Executive Order to strengthen the cybersecurity of critical infrastructure. The draft guidelines are open for public comment until September 11, 2017.  The guidelines outline a position on addressing cybersecurity that is consistent with the National Institute for Standards and Technology (NIST) Cybersecurity Framework and other cybersecurity guidance. Similar to the Executive Order, the draft reflects a growing emphasis on mitigating cyber threats to critical infrastructure.

The guidelines are divided into two sections. One provides draft guidance on existing regulatory requirements and how they relate to cybersecurity. The second advises regulated facilities on how to implement a cyber risk management governance program.

On June 15, 2016, the U.S. Department of Homeland Security (“DHS”) and Department of Justice issued Final Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government (“Final Procedures”) that provide information on how DHS will implement the Cybersecurity Information Sharing Act of 2015 (“CISA”). The Final Procedures were accompanied by Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities Under the Cybersecurity Information Sharing Act of 2015 (“Guidance”).  These documents represent finalized versions of interim guidance and procedures which, as we have previously reported, were issued in February.

Earlier this month, the U.S. Department of Homeland Security (DHS) and Department of Justice (DOJ) issued joint interim guidance on private entities’ sharing of cyber threat indicators and defensive measures with the government and other private entities. As we have written, Congress required the agencies to develop and publish this guidance through the Cybersecurity Information Sharing Act (CISA). The guidance provides helpful examples of information that may or may not be shared, along with details about the information sharing mechanism. Concurrently, DHS and DOJ published interim procedures for the receipt of cyber threat indicators and defensive measures, and privacy and civil liberties guidelines.

Below are the key takeaways from the guidance.