Maritime cybersecurity rules make waves
A Coast Guard rule imposing standards on operational technology systems in ports and larger U.S.-flagged commercial vessels is poised to supercharge the maritime cybersecurity market – a boon granted by concern that shipping is a weak target for a world roiled by mounting geopolitical tensions.
The new rule imposes broad requirements on maritime operators, who have until July 2027 to appoint a cybersecurity officer, conduct a cybersecurity assessment and draw up a cybersecurity plan for every vessel or facility covered. They’ve been required since July last year to report any cyber incidents to the Coast Guard’s National Response Center. Vessel staff should have received mandatory cybersecurity training by last January.
“We’ve already had customers approach us and say, ‘Hey, we have this coming up, can you help us interpret what this is telling us to do? Can you tell us what we’re missing?'” said Elan Alvey, associate principal industrial consultant for Dragos, an OT cybersecurity vendor. “They’re asking the right questions,” he told ISMG.
Read more at Gov Info Security