The U.S. Coast Guard has introduced a new cybersecurity regulation under 33 CFR Part 101, Subpart F, aimed at strengthening the security of vessels, facilities, and Outer Continental Shelf (OCS) operations. With the growing threats to the maritime industry from cyber incidents, these new requirements aim to protect companies and reduce operational risks. We’ve reviewed the updates and expectations outlined in the final rule and compiled the key information for your awareness and advantage.
Key Highlights:
- A Cybersecurity Plan is now required for all U.S.-flagged vessels and facilities that are currently required to have a security plan.
- Companies must designate a Cybersecurity Officer (CySO) responsible for implementing and maintaining cybersecurity protocols.
- Regular cybersecurity assessments, audits, and incident reporting are mandatory.
- Training, drills, and exercises are required to ensure personnel are prepared for cyber incidents.
- Strict security measures for IT and Operational Technology (OT) systems must be implemented, including multifactor authentication, encrypted data storage, and regular software updates.
Key Deadlines:
- Cybersecurity Plans must be submitted for Coast Guard approval by July 16, 2027.
- Personnel cybersecurity training must be completed by January 12, 2026.
- Annual cybersecurity assessments and penetration testing will be required starting July 16, 2027.
We know these new requirements may be challenging, and we’re here to help. TBS Safety has created a free guide to break down the rule and help you prepare before it takes effect. Access it here.
Have questions? Reach out!
Contact us at www.tbssafety.com/contact.