Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

The U.S. Coast Guard and the future of maritime cybersecurity

(U.S. Coast Guard Academy)

By Joe Coito

Regulatory, legislative, and policy developments have provided the U.S. Coast Guard (USCG) with new cybersecurity tools and expanded authorities to secure the marine transportation system (MTS) from cyber threats. At the same time, budgetary headwinds that historically plagued the service have shifted. With nearly $25 billion of funding in the One Big Beautiful Bill Act, the USCG finds itself in the favorable—if unfamiliar—position of having resource winds at its back. The result? A chance for generational change in safeguarding the maritime cyber domain and bolstering the USCG cyber workforce. This commentary prescribes a path to capitalize on these legislative, policy, and funding wins: confirmation of key USCG senior leaders, enhanced cyber talent management, passage of pending USCG cyber legislation, broader interagency integration of USCG cyber capabilities, and rapid integration of private sector tools.

President Biden signed Executive Order 14116, “Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States.” Invoking the Magnuson Act, the executive order (EO) found that “malicious cyber campaigns” are endangering the United States and amended regulations at Title 33, Code of Federal Regulations, Part 6, to better protect vessels, harbors, and waterfront facilities from cyber threats. The updated regulations mandate cyber incident reporting and empower the captain of the port (COTP)—a USCG official with broad law enforcement authorities in a designated COTP zone—to directly address a host of cyber threats. While COTPs have long exercised broad authorities to address maritime threats, EO 14116 makes clear that those authorities explicitly include cyber threats.

The USCG also issued a notice of proposed rulemaking to implement minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002. The final rule requires cyber incident response plans, cybersecurity drills, and designation of a cybersecurity officer, among other measures. It expands the definition of a maritime “hazardous condition,” which must be reported to the USCG, to include cyber incidents. The proposed rule drew robust public comment, which informed phased implementation and potential additional delays. But time is of the essence. Major cyberattacks, including Colonial Pipeline and NotPetya, have illustrated the damage that state and non-state cyber actors can cause to maritime infrastructure and utilities. While the industry has agitated for more time to implement new requirements, maritime stakeholders should be preparing for these heightened cybersecurity standards.

Read more at Center for Strategic and International Studies

Click to listen highlighted text!