The Coast Guard has finalized new maritime security regulations to address evolving cybersecurity risks within the marine transportation system (MTS). The updated rules introduce mandatory cybersecurity measures for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities governed by the Maritime Transportation Security Act of 2002.
Effective July 16, 2025, the regulations establish a baseline for cybersecurity readiness. Key requirements include the development and maintenance of a cybersecurity plan, the appointment of a cybersecurity officer, and the implementation of measures to detect, respond to, and recover from cybersecurity incidents.
The Coast Guard noted these updates aim to protect critical infrastructure and prevent transportation security incidents arising from cyber threats. In the executive summary, the Coast Guard emphasized the growing reliance of the maritime industry on cyber-connected systems, noting the importance of safeguarding the MTS from both current and emerging cybersecurity risks.
The ruling coincides with heightened awareness of cybersecurity across industries. A recent DNV study found that 65% of energy professionals identify cybersecurity as the most significant risk to their business.
As part of the rulemaking process, the Coast Guard is seeking industry feedback on a potential delay in implementation timelines for U.S.-flagged vessels. Stakeholders are encouraged to provide comments to ensure a practical and effective rollout of the new requirements.
