Page 13: of Maritime Reporter Magazine (August 2025)

mentation of IT and OT networks to prevent lateral movement important to note that the USCG has requested public com- during a cyber event. ments on a potential two-to-? ve-year delay in implementation

Remote access, especially by third-party vendors, must be for U.S.-? agged vessels. The public comment period closed tightly managed and logged. These access controls must be on March 18, 2025, and any decision to delay would require a clearly de? ned in the VSP and supported by both technical separate rulemaking process. As of now, no of? cial delay has enforcement and crew awareness. been announced, but stakeholders should monitor for updates and proceed with preparations under the assumption that the

Beyond Compliance original compliance dates remain in effect.

Meeting these new requirements will require investment to While compliance may seem complex, it presents a valu- perform assessments, documentation and training. However, able opportunity to enhance security and demonstrate leader- this must be set against the cost of non-compliance which ship in a rapidly evolving threat landscape. Starting with a gap span denial of port entry, regulatory penalties or increased assessment and building cybersecurity into the VSP moves insurance premiums. Cybersecurity readiness is also becom- operators from compliance toward true readiness.

ing a factor in vendor evaluations. Starting early in planning Despite the provisions of the regulation and the speci? cs of for compliance may help operators gain a competitive edge the VSP, it remains the case that rules tend to re? ect minimum in an increasing risk-aware market. The new USCG cyber- achievable baselines rather than a complete solution. Partnering security regulations position cyber risk as a critical aspect of with a cybersecurity solutions provider experienced in protecting maritime safety. As part of its enforcement of the Maritime critical infrastructure can help prepare operators for compliance.

Transportation Security Act (MTSA), the USCG now requires They can also help the operator to adopt a more proactive cybersecurity to be addressed in vessel security planning, stance towards cyber security, moving from a reactive pos- treating cyber threats with the same priority as physical ones ture based on solid defense to a proactive stance that seeks to like piracy or terrorism. hile the U.S. Coast Guard’s ? nal rule understand emerging threats, how to reduce them and how to on Maritime Cybersecurity takes effect on July 16, 2025, it’s meet USCG requirements.

www.marinelink.com 13

MR #8 (1-17).indd 13 MR #8 (1-17).indd 13 8/4/2025 7:23:50 PM8/4/2025 7:23:50 PM