TVIB News News and Updates

SNAME MT – Flexibility and Complexity – Subchapter M Strategy for Compliance

Flexibility and Complexity: Operators Need to Select their Subchapter M Strategy for Compliance
written by Chris Parsonage, published in the July 2017 edition of SNAME MT (The Society of Naval Architects and Marine Engineers – Marine Technology) Magazine

Excerpt 

“…path that the USCG has suggested will be best for many operators and the key to successful implementation of Subchapter M—the towing safety management system (TSMS) option. Under the TSMS, operators develop a comprehensive set of policies and procedures that cover all relevant aspects of managing their towing vessels. Instead of working solely with the USCG, operators select a third-party organization (TPO) to conduct periodic audits and surveys to verify the company is in compliance with the policies and procedures outlined in their TSMS and Subchapter M. Instead of annual USCG inspections, operators choosing the TSMS option and successfully operating under their TSMS will potentially have much less USCG involvement in their operations and on their vessels.

Companies that have been operating under a recognized existing TSMS, such as the AWO Responsible Carrier Program or the ISM code, are generally well prepared to comply with Subchapter M, particularly if they choose the TSMS option. They should expect to find their TSMSs might only need a few, if any, additional elements to be implemented before their TPO can verify their systems meet the Subchapter M requirements. Therefore, the gap for these operators will be significantly less than those starting from scratch. Those operators that do not currently have a TSMS in place, or have not begun the process to write a Subchapter M-compliant TSMS, have a steep hill to climb if they want to take advantage of the TSMS option by July 2018.”

“…there is a great deal of flexibility written into Subchapter M for those who do choose the TSMS route. Generally speaking, operators are able to write their TSMS so that it fits their unique operation. One example of this flexibility is in the survey program option. Subchapter M provides operators selecting the TSMS option flexibility in choosing how to conduct the survey elements of their TSMS. Operators can choose to have their annual surveys and less frequent drydock and internal structural examinations “ISE,” either conducted by an independent third-party surveyor from a TPO, or they can develop their own internal survey program. Operators choosing the internal survey program can use a qualified company employee or hire an outside contractor with proper experience and training to conduct their annual vessel surveys and/or their drydock and ISE. The TPO will work with the operator to supervise the internal survey program.”

Click here to download the full article.

CG-CVC Policy Letter 17-04 Subchapter M Third Party Organization (TPO) Guidance

08/11/2017

CG-CVC 17-04 and the TPO Guidebook (August 2017) are designed to outline the roles and responsibilities of the TPO.

Click here to download the CG-CVC Policy Letter 17-04 and the TPO Guidebook.

DHS: Cybersecurity – Protecting Network Infrastructure

08/10/2017 – excerpt from August 9th post titled “Protecting Network Infrastructure”

The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.

Network infrastructure consists of interconnected devices designed to transport communications needed for data, applications, services, and multi-media. Routers and firewalls are the focus of this alert; however, many other devices exist in the network, such as switches, load-balancers, intrusion detection systems, etc. Perimeter devices, such as firewalls and intrusion detection systems, have been the traditional technologies used to secure the network, but as threats change, so must security strategies. Organizations can no longer rely on perimeter devices to protect the network from cyber intrusions; organizations must also be able to contain the impact/losses within the internal network and infrastructure.

For several years now, vulnerable network devices have been the attack-vector of choice and one of the most effective techniques for sophisticated hackers and advanced threat actors. In this environment, there has never been a greater need to improve network infrastructure security. Unlike hosts that receive significant administrative security attention and for which security tools such as anti-malware exist, network devices are often working in the background with little oversight—until network connectivity is broken or diminished.

If the network infrastructure is compromised, malicious hackers or adversaries can gain full control of the network infrastructure enabling further compromise of other types of devices and data and allowing traffic to be redirected, changed, or denied. Possibilities of manipulation include denial-of-service, data theft, or unauthorized changes to the data.

Intruders with infrastructure privilege and access can impede productivity and severely hinder re-establishing network connectivity. Even if other compromised devices are detected, tracking back to a compromised infrastructure device is often difficult.

Malicious actors with persistent access to network devices can re-attack and move laterally after they have been ejected from previously exploited hosts.

The link below contains the full text of the post, including its summary of six prevention measures to help system users and administrators provide a more secure and efficient network infrastructure.

Click here to read the original post by DHS in full.