Edward Kiledjian's Threat Intel

New U.S. Rule Mandates Cybersecurity Controls Across the Marine Transportation System

On January 17, 2025, the U.S. Coast Guard issued a final rule requiring vessels, Outer Continental Shelf (OCS) facilities, and Maritime Transportation Security Act (MTSA)-regulated ports to implement baseline cybersecurity measures. Effective July 16, 2025, the rule mandates the development of a Cybersecurity Plan, designation of a Cybersecurity Officer, and implementation of seven required account security measures. These include automatic account lockouts, strong password enforcement, multifactor authentication, the principle of least privilege, and secure credential management across IT and OT systems.

The rule introduces a phased timeline for full compliance. Cyber incidents must now be reported to the National Response Center. By January 12, 2026, all personnel must complete annual cybersecurity training. By July 16, 2027, operators must designate their Cybersecurity Officer, complete a Cybersecurity Assessment, and submit their plan for approval. The regulation formalizes cybersecurity as a core element of maritime safety, treating digital vulnerabilities as threats to port security under existing Coast Guard authorities.

www.federalregister.gov/documents…