The U.S. Department of Transportation’s inspector general said in December that the U.S. Merchant Marine Academy in Kings Point lacks the necessary cyber security measures and privacy controls for its management system for its Sexual Assault Prevention and Response Office.
A report release by the inspector general states that the academy’s Sexual Assault Prevention and Response Office manages its information through a spreadsheet. Most, but not all, of the office’s information is managed on the spreadsheet.
The spreadsheet includes sexual assault and harassment complaints made at the academy.
The report says the spreadsheet lacks the cybersecurity controls required by the National Institute of Standards and Technology and the Department of Transportation’s Cybersecurity Compendium.
“The program’s spreadsheet system lacks the cybersecurity controls required by the National Institute of Standards and Technology and the Department of Transportation’s Cybersecurity Compendium to properly secure and protect the confidentiality, integrity,” the report states.
The report states that the office also lacks a method of updating records on individuals acquitted of allegations in its spreadsheet.
The inspector general report also said individuals not within the Sexual Assault Prevention and Response Office nor within the academy were also able to access the spreadsheet.
Merchant Marine officials have acknowledged that this system does not meet the academy’s needs, according to the report.
Efforts to solicit comment from the academy were unavailing.
The U.S. Merchant Marine Academy has faced multiple sexual assault allegations in recent years, one of which resulted in a ship captain surrendering his credentials after being accused of raping a cadet. The sexual assault allegations have even resulted in its Sea Year program being suspended for a period of time.
The U.S. Merchant Marine Academy is required to implement an information system for sexual assault and sexual harassment claims under the 2023 National Defense Authorization Act. This act also permits the inspector general to conduct a cybersecurity audit.
The Maritime Administration is required to establish this system for the Merchant Marine Academy.
The inspector general recommended that the Merchant Marine Academy ensure its data is secure and in accordance with federal requirements, update its spreadsheet to include all information, implement various security controls and conduct a privacy impact analysis to ensure its security.
