Page 15: of Maritime Reporter Magazine (February 2026)

hance the resilience of the marine sector, ensuring the security of critical infrastructure and mitigating risks to safety, opera- tions, and global supply chains in an increasingly digital world.

The next mandated compliance deadline is January 2026, when all personnel with IT/OT access must undergo cyberse- curity training. Subsequent phases will extend to July 2027 for complete plans, assessments, and a dedicated of? cer, covering all U.S.-? agged vessels, OCS facilities, and MTSA-regulated shoreside entities.

Deploying cybersecurity plans and processes is a big, com- plex, and ongoing responsibility that requires signi? cant re- sources and expertise. Not all things being equal, implement- ing security measures for large organizations will typically require more time for risk assessments and policy develop- ment, given their complexity. In contrast, smaller ports can implement more quickly but often lack the resources for com- prehensive security measures. Whether large or small, mari- time operators can experience organizational fatigue from the prolonged security implementations and process changes.

Adding insult to injury, at many terminals and ports, there is a lack of clear responsibility and ownership of new cyber re- quirements within the organization. The USCG now requires a Facility Security Of? cer (FSO) who manages physical secu- rity and a Cyber Security Of? cer (CySO) who is responsible for the technical infrastructure. Because most maritime envi- ronments do not have a CySO, there is an assumption among operators that an FSO can do what’s required as an add-on responsibility. On the other hand, the FSO assumes the cor-

Autoship MR Sept2024.indd 1 7/18/2024 2:42:53 PM porate IT department is managing matters. At the 11th hour for compliance, often no one is managing cybersecurity initia- tive. Operators may assume that regulations do not apply to them or that they are not a potential target, which can appear negligent. It also precipitates a situation where someone must inform an inspector that protocols are not being followed.

As nation state adversaries escalate threats and continue to actively target critical infrastructures, the maritime industry is wise to consider a comprehensive cyber-physical approach.

Operators should seek help in leveraging proven security methodologies, policy templates, and vetted measures. This increases ef? ciency and effectiveness. The new regulations un- derscore that OT is not the same as IT and ensuring secure and stable operations requires expertise in maritime operations.

By consistently applying advanced frameworks and train- ing, the maritime industry can help ensure global trade routes remain secure, ef? cient, and dependable in an increasingly connected world.

The Author

McIntyre

Annie McIntyre is Chief Security Of? cer at EverLine.

Prior to EverLine, McIntyre was the President and

Chief Executive Of? cer of Ardua Strategies, Inc., a

Texas Corporation, providing solutions for the cyber and operational security issues of energy and infra- structure. Ardua was acquired by EverLine in 2021.

MR #2 (1-17).indd 15 MR #2 (1-17).indd 15 2/6/2026 12:18:42 PM2/6/2026 12:18:42 PM