Coast Guard sharpens cybersecurity focus for passenger vessels
Coast Guard sharpens cybersecurity focus for passenger vessels
https://www.workboat.com/coast-guard-sharpens-cybersecurity-focus-for-passenger-vessels
Publish Date: 2026-06-09 13:13:00
Source Domain: www.workboat.com
Using an unordered list, summarize the following article with between 4 and 8 key points. With new federal cybersecurity regulations put into effect July 2025, the Coast Guard is incorporating cyber readiness into routine vessel oversight, particularly during inspections and exams.With new federal cybersecurity regulations put into effect July 2025, the Coast Guard is incorporating cyber readiness into routine vessel oversight, particularly during inspections and exams.”Operators should expect an increased focus on cybersecurity during safety and security inspections and exams on board vessels as the new cybersecurity regulations are implemented,” the agency said.The Coast Guard’s Commercial Vessel Compliance (CVC) office is responsible for setting the policy framework that underpins the agency’s marine safety, security, and stewardship mission, and the job is getting bigger every year.The 2025 U.S. passenger vessel fleet stood at 6,758 active vessels and has been growing at an average of 661 vessels per year over the past five years. Excursion vessels dominate the fleet at 41%, followed by charter fishing vessels (14%), ferries (9%), and cruise vessels, crewboats, and water taxis at 7% each.Geographically, Southeast District 7, covering Florida, Georgia, and South Carolina, leads all regions with 1,380 vessels. New England’s District 1 follows closely with 1,310, while the Gulf Coast’s District 8 rounds out the top three at 1,031.Inspections remain central to the CVC’s work. The Coast Guard conducts roughly 12,000 inspections annually, turning up approximately 19,000 deficiencies each year.Top deficiency categories include structural issues (19.5%), propulsion and auxiliary machinery (15%), and lifesaving appliances (14%).WorkBoat asked the Coast Guard directly how operators should prepare.On training expectations, the Coast Guard emphasized that cybersecurity awareness, not technical specialization, is the baseline requirement for crews operating digital systems onboard.”The cybersecurity training requirements are intended to ensure that personnel with access to information technology [IT] and operational technology [OT] systems on board a regulated vessel attain baseline knowledge to raise awareness and reduce cyber vulnerabilities,” a Coast Guard spokesperson said.In practice, this means crews must be familiar with vessel-specific cyber procedures and understand how threats could impact operations.”Cyber training must, at minimum, cover relevant provisions of an approved cybersecurity plan to include recognizing, detecting, and circumventing cybersecurity threats, and reporting cyber incidents to the cybersecurity officer.”The Coast Guard clarified that while technical depth will vary by role, broad awareness across crews is expected.”The U.S. Coast Guard does not expect that every person be a cyber expert, but all identified personnel should understand cybersecurity concerns relevant to their work, how it could affect operations, cyber hygiene, how to identify when ‘something is wrong’ with their digitalized critical onboard systems, and be familiar with their incident response procedures in the event of a cyber incident.”To support compliance, the agency has issued CG-5PC Policy Letter 01-25 covering training requirements and Navigation and Vessel Inspection Circular 02-24, Change 1, outlining incident reporting procedures.The applicability of the new rules is limited. The Coast Guard noted that only certain vessels fall under the Maritime Transportation Security Act (MTSA) framework.”The small passenger vessel population which is not MTSA-applicable will remain unaffected by the Cyber Final Rule,” the agency said. Specifically, the regulations apply to small passenger vessels carrying 150 or more passengers under 33 CFR 104.105.For operators that are subject to the rule, implementation will vary depending on vessel size, operational profile, and onboard system complexity.”The learning curve will vary across different fleets, whether due to the size of the vessel or workforce, nature of the vessel’s operations, or the complexity of IT and OT systems and equipment,” the Coast Guard said.Operators are expected to take a risk-based approach when developing cybersecurity plans, identifying critical systems, and outlining mitigation strategies.The Coast Guard made clear that cybersecurity is now part of the inspection landscape.”Operators should expect an increased focus on cybersecurity during safety and security inspections and exams on board vessels as the new cybersecurity regulations are implemented,” the agency said.”The mission here is to develop [and] maintain policy standards for prevention activities of the Coast Guard to achieve marine safety, security, and stewardship mission success,” said Capt. Mark Neeland, the former CVC chief.For passenger vessel operators, that shift signals a broader expectation: digital systems are now treated as critical infrastructure, and their protection is subject to the same scrutiny as physical systems on board.
