b'HOW TO PREPAREFortunately,PVAhasalreadydevelopedthe tools to help you accomplish this.Included inPVAS INDUSTRY BEST PRACTICESthe most recently approved Alternate Security Program(2017),PVAdevelopedCyberRiskThe process of evaluating cyber risk is similar to reviewing the ManagementBestPracticesGuidelinesandpotential impact of any other security vulnerability at your operation. aCyberAssessmentWorksheettowalkyou PVAS INDUSTRY BEST PRACTICES SUGGEST through evaluating cyber risk that is applicableFOLLOWING THESE STEPS: to passenger vessels.These documents can be accessed on the Members Only Resources page of the PVA Website under Security Tools. ASSESSMENTIDENTIFICATIONMITIGATIONYouknowyouroperationbest,therefore theevaluationofvulnerabilitiessubject Inventory systems, review Evaluate risk levels, detect Develop countermeasures, their interdependence. vulnerabilities. implement in company to cyber threatsandthedevelopmentofsecurity policy.countermeasures will be based on how your company uniquely applies technology.Youll wanttoinventoryallthecyber-dependent systems,includingbothhardwareand software, which support critical systems.The process of evaluating cyber risk is similar to reviewing the potential impact of any other security vulnerability at your operation.PVAs industry best practices suggest following these steps:AssessmentInventory systems, review their interdependence. IdentificationEvaluate risk levels, detect vulnerabilities. Mitigation- Develop countermeasures, implement in company security policy.FACILITY SECURITY Earlier this year, the Coast Guard also released policy guidance on cyber security at facilities, entitledGuidelinesForAddressingCyber Risks at Maritime Transportation Security Act (MTSA)RegulatedFacilities(NVIC01-20). This policy requires secure facilities to do a similar cyber-focused vulnerability assessment anddevelopcountermeasuresforitsFacility Security Plan (FSP). While the Coast Guard has confirmed it will not begin enforcement of this until October 2022, there are resources available now to prepare in advance. In addition tothePVAtoolswevealreadymentioned, CoastGuardhasissuedaFrequentlyAsked Questions document and made public the Job Aid for Facility Inspectors.The Job Aid will provide you with the questions inspectors will be asking your crew and facility personnel.PVA is a part of your team, and keeping you well equipped to tackle challenges in the new year ahead.If you have any questions, need assistance,oraccesstoPVAscybersecurity toolkit, feel free to contact the PVA staff.We are working for you.DEC 2020 35 PVA WORKING FOR YOU'