In January 2025, the United States Coast Guard released a regulation to address cybersecurity risks across the marine transportation system. Published under 33 CFR Part 101, Subpart F, the update brings cybersecurity under the same framework as traditional maritime security.
During the public comment period, maritime professionals across the country weighed in—many asking for more time, more clarity, or a full repeal of the rule. While the Coast Guard acknowledged that parts of the regulation will be phased in and adjusted over the next two years, the first key deadline remains in place: July 16, 2025.
Beginning July 16, companies with Coast Guard-approved security plans under 33 CFR Parts 104, 105, or 106 must report any actual or threatened cybersecurity incidents. This includes any event involving sabotage, subversive activity, or cyber interference with vessel, facility, or port operations.
All reports must be made to the National Response Center (NRC) by calling (800) 424-8802.
For towing vessel operators already subject to 33 CFR 101.305, this reporting requirement is not new. These operators are already expected to report security threats, including those involving cyber systems.
This rule only applies to organizations that already fall under the Coast Guard’s maritime security regulations. Specifically those with approved security plans under Parts 104 (vessels), 105 (facilities), or 106 (outer continental shelf facilities).
If your company is not required to maintain one of these plans, this rule does not currently apply to you.
By January 12, 2026, affected companies must:
Develop and implement a Cybersecurity Plan
Provide Cybersecurity Training to applicable personnel
Repeat that training annually
While plans must be in place by this date, the Coast Guard does not require them to be submitted for approval until July 2027. That gives companies time to revise and refine their plans as guidance and best practices evolve.
TBS Safety is developing a ready-to-use Cybersecurity Plan and Training Package, set for release in Fall 2025. This will give operators plenty of time to meet the January requirements without scrambling at the last minute.
As this rule continues to evolve, TBS Safety will track all updates and keep you informed. Our team is also reaching out directly to companies with security plans to help them stay on track and in compliance.
We’re already helping marine operators prepare. If your company has a Coast Guard-approved security plan and you’re not sure how this rule affects you, get in touch. Visit www.tbssafety.com or call our team to learn more about how we can support your compliance.