The US Coast Guard has published a final rule aimed at strengthening cybersecurity within the Marine Transportation System (MTS). This regulation updates the existing requirements for US-flagged vessels, Outer Continental Shelf (OCS) facilities, and other facilities governed by the Maritime Transportation Security Act of 2002 (MTSA). The new rule focuses on addressing both current and emerging cybersecurity threats that could impact the functioning of the MTS. The rule includes measures to detect potential risks, respond to incidents, and recover from cybersecurity breaches.
Among the key requirements of the final rule is the development and maintenance of a comprehensive Cybersecurity Plan for vessels and facilities.
Organizations are also required to designate a Cybersecurity Officer (CySO), a crucial role for overseeing and ensuring that cybersecurity protocols are followed. These new measures aim to create a structured approach to managing cybersecurity risks, ensuring that affected facilities and vessels are better prepared for the growing number of cyber threats targeting critical infrastructure.
The rule, effective July 16, 2025, outlines these minimum cybersecurity requirements but also includes a provision for soliciting comments on a potential delay in the implementation timeline for US-flagged vessels. The Coast Guard is considering a delay of two to five years for these vessels, and the public is invited to submit their comments on this proposal by March 18, 2025. This potential delay could provide affected parties with additional time to prepare for the new regulations, especially given the complexity and costs associated with implementing cybersecurity measures in the maritime industry.
To assist stakeholders in complying with the new cybersecurity requirements, the Coast Guard will provide additional guidance through various resources. These include a cyber regulations fact sheet, small entity compliance guides for vessels and facilities, and information regarding the waiver and Alternative Security Program process. These materials will be available on the Coast Guard’s Maritime Industry Cybersecurity Resource Website, helping organizations understand how to meet the new regulations and ensure the security of their operations against cyber threats.