The U.S. Coast Guard has made it clear: cybersecurity is now part of every Coast Guard–regulated security plan. Facilities and vessels operating under the Maritime Transportation Security Act (MTSA) must evaluate cyber vulnerabilities, include cyber measures in their Facility or Vessel Security Plans (FSP/VSP), train personnel, and conduct cyber-related drills.
With cyber incidents increasing across the maritime industry, these requirements are no longer theoretical—they’re operational realities.
Below is a breakdown of what the Coast Guard expects, what companies must implement, and how crews can quickly recognize cyber threats that could impact operations, equipment, and safety.
The Coast Guard has issued multiple MTSA advisories stating that cyber vulnerabilities fall under the same regulatory authority as physical security vulnerabilities. Any system that affects navigation, cargo handling, access control, communications, or vessel/terminal operations must be protected.
Companies must evaluate cyber risk across:
GPS, AIS, ECDIS, and navigation systems
PLCs, winches, cranes, hoists, and other control systems
Terminal dispatch and logistics platforms
Access control systems like badges, gates, and CCTV
Maintenance, tracking, and fleet management software
Communication networks, servers, and operational databases
If the system can move a vessel, lift a load, open a gate, or trigger an alarm, it is considered a security-critical asset.
MTSA security plans must now include:
Policies for network protection and system access
USB and removable media controls
Rules for personal devices
Procedures for reporting cyber incidents
Physical security for server and control rooms
Segregation of operational systems and crew Wi-Fi
Cyber incident response steps and documentation procedures
If it impacts your operation, it must be documented in your plan.
Personnel covered under MTSA must receive cybersecurity training that enables them to:
Recognize cyber threats
Identify suspicious system behavior
Follow reporting protocols
Avoid actions that destroy evidence (like shutting down machines)
Understand their role in cyber incident response
Training must be consistent, documented, and aligned with your security plan.
Under MTSA:
Quarterly drills must include cyber-related elements
Annual full-scale exercises must incorporate a cyber event
Examples include:
Ransomware affecting dispatch
Suspicious foreign login attempts
GPS/AIS spoofing
Unauthorized access to operational systems
Malware disrupting crane or PLC controls
If your drills don’t include cyber, they no longer meet Coast Guard expectations.
Crews can identify early cyber incidents by watching for:
GPS or AIS showing the wrong position
Control systems (cranes, winches, engines) lagging or behaving unpredictably
Files encrypted, renamed, or disappearing
Pop-ups requesting passwords or payment
Unknown USB devices plugged into computers
Antivirus suddenly disabled
New programs or icons no one installed
Logins during off-hours or from foreign IP addresses
Large uploads to unfamiliar cloud services
These are warning signs that require immediate reporting.
Shut down the computer
Delete files
Attempt to “fix” the issue
Plug in personal devices
Disconnect the device from the network (not from power)
Take photos or screenshots of what they see
Notify the Security Officer, Dispatch, or IT immediately
Document the event in your existing safety/security system
Correct reporting protects your operation and preserves vital evidence.
For terminals, shipyards, and vessel operators, cybersecurity requirements affect:
Security audits
Crew training schedules
Annual MTSA exercises
Gate, access, and control system management
Dispatch and operational continuity
Vessel compliance during Coast Guard inspections
Cyber incidents can directly interrupt operations, impact credentialing, delay vessel movements, and compromise safety-sensitive equipment.
Proactive planning—not reactive troubleshooting—is the key to staying compliant.
TBS Safety works with companies across the U.S. to integrate these cybersecurity elements directly into their existing systems, helping teams remain compliant without slowing operations.
Yes. The Coast Guard requires cyber vulnerabilities to be assessed and addressed in every FSP/VSP.
Yes. Cyber scenarios must be included in quarterly drills and annual exercises.
Personnel with access to operational systems or responsibilities under the security plan must be trained in cyber awareness and reporting.
Yes. Cyber incidents must be reported and documented using the same processes as physical security events.
Yes. Any system that can affect operations, equipment movement, or access control is considered cyber-relevant.
Cyber incidents aren’t just IT issues—they are operational safety issues capable of:
Shutting down terminals
Disrupting navigation
Damaging equipment
Delaying cargo
Impacting Subchapter M and MTSA compliance
Affecting audits and inspections
Stalling vessel movements
Companies must be able to demonstrate compliance during Coast Guard inspections and audits.