March Commerce Club Featuring a Cybersecurity Panel Discussion
Panelists Review New USCG Cybersecurity Rule and Operational Vulnerabilities
Julio Gonzalez, Marco Ayala, Chris Wolski, and Steve Roberts.
A panel of seasoned industry professionals examined cybersecurity, one of the most critical challenges facing the global maritime industry at the Port Bureau’s Commerce Club in March.
Julio Gonzalez, founder & CEO of Sentinel Resilience Group, served as moderator. Marco Ayala, president of InfraGard Houston; Chris Wolski, president and CEO of Applied Security Convergence; and Steve Roberts, Roberts Law Group/Chemical Security Group served on the panel. Together, they provided an insightful discussion on how the maritime and energy sectors are adapting to new threats.
Gonzalez set the stage by emphasizing the growing intersection of geopolitics and cyber risk, and its direct impact to private sector operations. Describing an incident that had just occurred that had affected access to systems and operations across a workforce of 50,000-plus employees worldwide, Gonzalez said, “Consider what a similar disruptive cyberattack could mean for the maritime transportation system. Ports like ours in the Houston region are globally connected logistics hubs. A successful cyber event affecting terminal operations, vessel traffic management, or industrial control systems could ripple far beyond this region, impacting supply chains, energy markets, and national economies.”
Steve Roberts offered a quick legal overview of the new Maritime Transportation Security Act (“MTSA”) cyber rule. The rule took effect in July, with staggered compliance deadlines starting with training that began in January, and additional requirements extending through July 2027. Facilities (and Outer Continental Shelf operations, and possibly vessels—though vessel implementation is currently uncertain) that already maintain an MTSA Facility Security Plan will be required to submit a dedicated cybersecurity plan by July 2027.
Marco Ayala and Chris Wolski explored the realities of integrating cybersecurity existing safety and operational frameworks. They emphasized that cybersecurity must be embedded into organizational culture while also aligning with performance and reliability goals.
“I see a lot of organizations taking a similar approach to what we have to do with safety,” said Wolski. “Make it a culture. Make it part of everything that we do on a daily basis. We have our safety stand-downs … See something, say something. If something doesn't look right, doesn't feel right, say something, and apply that to the cyber cone.”
Ayala underscored the importance of addressing long-standing vulnerabilities, such as poor password practices and unpatched systems, while also managing newer risks introduced by remote connectivity and third-party vendors. “I’ve been doing this since 2000, and I can tell you we’re still failing on some of the very simple things, such as passwords,” noted Ayala.
The growth of remote workers (that began in COVID) and industry digitization initiatives can present “blind spots” for cybersecurity and safety. Ayala stressed that many organizations utilize packaged units with trusted vendors. These packaged units often connect both to facility and home communications, making it hard for an organization to control a vendor’s security practice. “It's really important that as you bring in new systems, you vet these things … You must bake in cybersecurity. Not just a checklist, but a verification,” he emphasized.
These imperatives encompass not just terminals, but vessels and the operational technology that is being built into them. Panelists agreed that blind spots could be at any level, and systems must evaluated from top to bottom by all team members to minimize vulnerabilities.
InfraGuard and the Maritime AMSC Security Subcommittee hold monthly joint meetings. They discuss best practices, share in problem solving, and offer a “heads up” on topics such as cyber regulations and rules. They also facilitate getting people together “to put names with faces” to make working together easier when difficulties arise. FSOs and cybersecurity officers are encouraged to attend.
Thank You to Our Sponsors!
Annual Sponsors:
Buffalo Marine Service, Inc. • Callan Marine • Chevron/Kirby • Energy Transfer • Enterprise Products Partners • Kinder Morgan • Houston Pilots • Intercontinental Terminals Company • Moran Shipping Agencies, Inc. • PEMEX Deer Park • Port Houston • Targa Resources • TGS Cedar Port Industrial Park • Vopak • WGMA
March Table Sponsor: