The US Coast Guard has officially implemented the Cybersecurity in Marine Transportation System (MTS) rule, mandating cybersecurity measures for all US-flagged vessels, Outer Continental Shelf (OCS) facilities, and those subject to the Maritime Transportation Security Act of 2002 (MTSA). This decision comes in response to recognized cybersecurity vulnerabilities that pose risks to the safety and security of US ports.
With increased interconnectivity and digitalization of the Marine Transportation System, the new rule aims to mitigate current and emerging threats, enabling entities to better detect, respond to, and recover from potential cybersecurity attacks. Specifically, the Coast Guard will require a comprehensive cybersecurity plan, the designation of cybersecurity officers, and adherence to specific cybersecurity practices.
The cybersecurity plan mandated by the rule includes several critical measures. This includes enabling automatic account lockout after failed login attempts on all IT systems, changing default passwords, ensuring strong password standards, implementing multifactor authentication, and maintaining separate user credentials for critical systems. These steps are designed to bolster defenses against unauthorized access and data breaches.
Implementation of the rule began on July 16, 2023, requiring all reportable cyber incidents to be reported to the National Response Center. By January 12, 2026, all personnel will be required to complete specified cybersecurity training annually. Furthermore, by July 16, 2027, owners and operators must have appointed a cybersecurity officer and submitted their cybersecurity plan for approval.
According to the US Coast Guard, the initiative is crucial in recognizing the escalating cyber threats posed by adversarial actors targeting the Marine Transportation System. The Coast Guard plans to intensify scrutiny on indications of inadequate cybersecurity practices that may affect compliance with the International Safety Management (ISM) Code, especially concerning foreign-flagged vessels.