Cybersecurity Plan Requirement Coming Soon
By Frank Boyland, National Accounts Director, Civient
The U.S. Coast Guard’s new cybersecurity rule, 33 CFR Part 101 Subpart F, represents a significant shift in how maritime operators must identify, manage and mitigate cyber risk. These regulations establish enforceable cybersecurity standards for vessels and facilities operating in U.S. waters, with compliance deadlines now approaching.
Under Subpart F, covered entities must maintain an approved cybersecurity plan, designate a 24/7 cybersecurity officer, perform regular assessments and annual audits, and integrate a cyber incident response plan into daily operations. Operators are also required to conduct ongoing training, document compliance activities and promptly address any known exploitable vulnerabilities identified by the Coast Guard.
The first compliance milestones are fast approaching. Cybersecurity training for designated personnel must be completed by January 2026. Cybersecurity plan submissions are due by July 2027.
Organizations that delay implementation may face not only enforcement penalties but also potential operational impacts if vessels or facilities are deemed non-compliant.
The rule applies broadly across the marine transportation system, including U.S.-flagged vessels, port and terminal facilities under 33 CFR Part 105, offshore energy platforms and management entities responsible for information technology (IT) and operational technology systems. Achieving full compliance will require coordination between maritime operations, IT and cybersecurity personnel.
Key compliance functions include the roles of cybersecurity officer, deputy cybersecurity officer, security analyst, incident engineer and training coordinator—each essential to maintaining operational readiness, performing risk assessments and ensuring audit compliance. For many operators, developing this structure internally may require temporary or specialized support.
As the maritime industry adapts to these requirements, early preparation remains the most effective means to ensure both regulatory compliance and operational continuity. Establishing clear cybersecurity roles, documented procedures and tested response capabilities now will allow operators to meet Coast Guard expectations well in advance of the 2027 deadline.


