Understanding the U.S. Coast Guard’s Maritime Cybersecurity Framework

 

Cyber incidents in the marine sector are no longer theoretical - they’re a real and accelerating risk.

To address and mitigate this growing threat, the U.S. Coast Guard recently updated its maritime security regulations by passing the Cybersecurity in the Marine Transportation System regulation, which went into effect in July 2025. This rule establishes minimum cybersecurity and reporting requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations.

This regulation is one of the first to specifically reference vessel security and includes notification requirements that allow for the formal tracking of incidents with potential impact to vessels. The rule makes it abundantly clear that cyber threats must be treated with the same urgency as any others.

Owners and operators of U.S.-flagged vessels, facilities, or Outer Continental Shelf facilities are now required to develop and maintain both a cybersecurity plan and cyber incident response plan. All cybersecurity plans now must include specific account security measures, device security measures, and data security measures. These include enabling automatic account lockout after repeated failed login attempts on all password-protected systems; developing and maintaining a list of all owner or operator-approved hardware, firmware, and software that may be installed on IT or OT systems; and ensuring that logs are securely captured, stored, protected, and accessible to privileged users only.

A staff member must also be assigned the role of Cybersecurity Officer (CySO). The CySO will ensure and facilitate the cybersecurity plan and cyber incident response plan, arrange for inspections and annual audits, make sure adequate training is conducted, and report and record any cybersecurity incidents that impact the vessel.

It’s time for maritime companies to take a closer look at how they handle cybersecurity

With these new requirements now in force, maritime and shipping organizations must examine how they impact vessel safety procedures and protocols. The regulation identifies reportable incidents as anything that disrupts or threatens the safety of a vessel or an organization's operations and requires that such incidents be reported to the National Response Center without delay. Reporting may be complex, time pressured, and complicated, but quantifying and taking proactive steps to address the impact of cyber risk outweighs the challenges of reporting.

Much as seafarers are accustomed to routine fire and man-overboard drills, they now must incorporate cyber drills into maritime safety and preparedness structures. In keeping with the newly mandated cybersecurity posture guidelines, the staff on board a vessel must integrate staff cybersecurity training into their training processes and protocols. New staff members must receive training within five days of gaining access to systems, but no later than within 30 days of hiring. After this initial training, staff members will be required to do annual training.

Thinking about your cybersecurity posture? Start with these key questions.

- Is a third party being contacted if a cyberattack or threat occurs at sea?

- Who is the CySO that will be reporting the incident to the National Response Center?

- How will the ship owner and seafarers on the vessels be supported?

- If the vessel is impacted, has there been sufficient training on how to do a forensic investigation of the logs and restart the system?

- Who are the experts being contacted, and how can the incident be managed?

- If a piece of operating or information technology is no longer dependable, how will an incident then be resolved?

Having third-party vendors lined up before a cyber incident strikes ensures organizations are ready to respond swiftly if vessels are impacted. Real-time support from experienced partners who understand the maritime and cyber sectors can be crucial, not just for restoring systems, but also for conducting forensic investigations to uncover what went wrong.

And before operations resume, the priority should be ensuring a secure environment. Here is also where external partners can play a vital role.

Marine and cyber insurance providers can offer valuable support in managing cyber risk

The new regulatory requirements provide a clear framework for what ship owners must do to prepare for and mitigate a cyber incident onshore and at sea. However, these are uncharted waters for many ship owners and operators. As trusted partners for the maritime industry, insurers are uniquely positioned to help clients navigate and transfer risk.

The insurance industry supports safety improvements by sharing insights from past claims and offering expert guidance. With both internal and third-party cyber claims specialists, insurers can help organizations recover swiftly and effectively after an incident.

Ultimately, insurers can both strengthen internal risk frameworks and actively contribute to the maritime sector’s resilience.

Marine cyber insurance varies widely, so it’s crucial for maritime organizations to ensure their policy terms reflect the level of risk. Some providers offer affirmative cover with clearly defined parameters, while others rely on broad, untested buyback options. Certain products also address cyber exclusions in traditional cargo policies, offering physical damage protection for individual vessels and fleets - filling a key gap in the market.

Stay ahead of regulatory shifts with preparation and the right partners

The U.S. Coast Guard’s cybersecurity regulation marks a shift in how maritime cyber safety is defined and protected, integrating cyber preparedness into the core of maritime operations.

Stay on Top of the Daily Maritime News The maritime news
that matters most

Get the latest maritime news delivered to your inbox daily.

Subscribe Now

As the sector evolves, the priority is to develop resilient systems, maintain consistent training and reporting practices, and ensure insurance coverage keeps pace with changing risks. Achieving this will require thoughtful planning, adaptable safety procedures, timely reporting and mitigation, and support from the right partners. Taken together, these steps can strengthen safety and operational integrity and help the industry manage increasing digitalization with greater confidence.

Kelly Malynn is senior risk manager at specialist insurer Beazley.