The United States Coast Guard (USCG) published its final rule to introduce cybersecurity requirements for US-flagged vessels, along with port/terminal facilities and outer continental shelf facilities.
The rule takes effect from 16 July 2025 and will commence a 24-month period to achieve full compliance with the standards required in the rule.
Key points:
- It applies only to US-flagged vessels that must comply with 33 CFR Part 104, for example cargo ships greater than 100 gross tons.
- From 16 July 2025, it will become mandatory to submit a report to the National Response Center should a reportable cyber incident be identified.
- By 12 January 2026, personnel must have been trained in accordance with the requirements of the rule and additional training procedures identified as necessary.
- By 16 July 2026, a Cyber Security Officer (CySO) must be designated.
- By 16 July 2026, a cyber security assessment must be completed, with a cyber security plan submitted to the USCG for approval.
- It will be necessary to conduct at least two cyber security drills annually and conduct at least one cyber security exercise per year.