US ships and ports must now protect against cyberattacks, or face new rules

The US Coast Guard has updated its maritime security rules. Ships and port facilities must now meet minimum cybersecurity standards. This means they must create cybersecurity plans, appoint a cybersecurity officer, and take steps to detect and recover from cyber incidents.

For years, cybersecurity for ships and ports was largely voluntary or based on general guidelines. This rule makes specific protections mandatory for a wide range of maritime operations. It shifts the burden of cybersecurity from a best practice to a regulatory requirement, meaning operators now face penalties for non-compliance. This could force significant investment in IT security across the marine transportation system.