U.S. Coast Guard Issues New Cybersecurity Regulations

On January 17, 2025, the U.S. Coast Guard published a new final rule establishing baseline cybersecurity requirements to protect the Marine Transportation System (MTS) from cyber threats. The regulation applies to U.S.-flagged vessels, facilities, and Outer Continental Shelf (OCS) facilities that are required to have a security plan under 33 CFR parts 104, 105, and 106. However, foreign-flagged vessels subject to 33 CFR part 104 are not covered under this rule.

Implementation Timeline and Key Requirements

The final rule takes effect on July 16, 2025, with several key implementation deadlines:

Starting July 16, 2025:
Entities not previously required to report cyber incidents under 33 CFR 6.16-1 must begin reporting all cyber incidents to the National Response Center (NRC).

By January 12, 2026:

All personnel must complete cybersecurity training covering threat detection, reporting procedures, and operational technology (OT) security.
Key personnel must receive additional training on cyber incident response and evolving cyber threats.
New employees must complete cybersecurity training within 5 days of system access (but no later than 30 days after hiring) and renew it annually.

By July 16, 2027:

Owners and operators must designate a Cybersecurity Officer (CySO) in writing.
A Cybersecurity Assessment must be conducted within 24 months and then annually.
A Cybersecurity Plan must be submitted to the U.S. Coast Guard for approval.

After Cybersecurity Plan Approval:

Owners and operators must conduct at least two cybersecurity drills per year.
A cybersecurity exercise must be conducted at least once per year, with no more than 18 months between exercises.
All personnel must complete additional training within 60 days of plan approval.

Possible Delays in Implementation for U.S.-Flagged Vessels

The U.S. Coast Guard is seeking public comments on whether the implementation period for U.S.-flagged vessels should be extended by an additional 2 to 5 years. Some stakeholders have requested extensions ranging from 36 to 48 months, arguing that ships may need more time than facilities to comply. The deadline for public comments is March 18, 2025.

Where to Find the Regulatory Text

The full regulatory text can be accessed at www.regulations.gov by searching for USCG-2022-0802. Questions regarding the rule can be sent to MTSCyberRule@uscg.mil.

This new cybersecurity regulation marks a significant step toward strengthening cyber resilience in the maritime industry, ensuring that the U.S. marine transportation system remains secure against evolving cyber threats.

Taking too long?

Reload document

Open in new tab

10 February 2025

0 Comments

Inline Feedbacks

View all comments

october

14oct(oct 14)08:0016(oct 16)20:42MarCaS (Maritime Communication and Security) Event Organized By: IEEE

Event Details

The MarCaS (Maritime Communication and Security) special track is set to make waves once again at the 50th IEEE Conference on LCN (Local Computer Networks) on 14-16 October 2025, in Sydney, Australia. Despite a scarcity of research in maritime communication systems and cybersecurity, the MarCaS track aims to address this gap by providing a platform for experts to exchange ideas, present new findings, and foster collaborations.

Key areas of interest for MarCaS include maritime information technology (IT) and operational technology (OT) both on board vessels and on shore at ports and terminals. Additionally, topics such as maritime communication, satellite navigation, radio-based situational awareness systems, and maritime cloud services will be explored, alongside novel cybersecurity approaches tailored to the maritime domain.

The MarCaS special track, chaired by Jan Bauer from Fraunhofer FKIE (Germany), Ulku Clark from the University of North Carolina Wilmington (USA), Gary C. Kessler from Gary Kessler Associates (USA), and Stephen McCombie from NHL Stenden University of Applied Sciences (Netherlands), will convene researchers, scientists, and practitioners working at the intersection of maritime applications, communication technologies, and IT security. The track welcomes submissions of high-quality, unpublished work focusing on innovative approaches to enhance the safety and resilience of maritime systems. The Technical Program Committee boasts an international lineup of experts, including representatives from institutions. Aybars Oruc from Cyber Onboard will also serve the Chair of Technical Program Committee.

Accepted papers for the IEEE LCN 2025 Special Track will be featured in the conference proceedings published in the prestigious IEEE Xplore Digital Library, showcasing their affiliation with IEEE LCN.

Key Dates for Submission:

Paper Registration: May 11, 2025
Paper Submission: May 18, 2025
Paper Acceptance Notification: July 01, 2025
Camera-ready Papers Due: August 01, 2025

For more detailed information and submission guidelines, please visit here.

Don’t miss this opportunity to contribute to the advancement of maritime communication and cybersecurity research at LCN 2025!

Time

14 (Tuesday) 08:00 - 16 (Thursday) 20:42

Location

Sydney, Australia

U.S. Coast Guard Issues New Cybersecurity Regulations

Implementation Timeline and Key Requirements

Possible Delays in Implementation for U.S.-Flagged Vessels

Where to Find the Regulatory Text

Event Details

Event Details

Time

Location

Recent Comments

Related Posts

Search Area