{"id":237658,"date":"2026-06-26T08:16:00","date_gmt":"2026-06-26T12:16:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/26\/imx-panel-discusses-cybersecurity-regs\/"},"modified":"2026-06-26T08:20:33","modified_gmt":"2026-06-26T12:20:33","slug":"imx-panel-discusses-cybersecurity-regs","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/26\/imx-panel-discusses-cybersecurity-regs\/","title":{"rendered":"IMX Panel Discusses Cybersecurity Regs"},"content":{"rendered":"<p><a href=\"https:\/\/www.waterwaysjournal.net\/2026\/06\/26\/imx-panel-discusses-cybersecurity-regs\/\">IMX Panel Discusses Cybersecurity Regs<\/a><\/p>\n<p><a href=\"https:\/\/www.waterwaysjournal.net\/2026\/06\/26\/imx-panel-discusses-cybersecurity-regs\/\">https:\/\/www.waterwaysjournal.net\/2026\/06\/26\/imx-panel-discusses-cybersecurity-regs\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-26 08:16:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.waterwaysjournal.net\">www.waterwaysjournal.net<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                            In the cybersecurity session held at this year\u2019s Inland Marine Expo in Nashville, Tenn., panelists discussed navigating Coast Guard regulations and addressed industry questions when it comes to vessel compliance. The session, titled \u201cClarity Over Complexity: A Practical Guide to U.S. Coast Guard Cybersecurity Compliance,\u201d was moderated by Robert Blackman, senior manager of service business development for KVH Industries Inc.<br \/>\nLt. William Quigley, vessel and offshore branch lead for the Office of Maritime Cybersecurity Policy, noted that the cybersecurity rules that have been published apply to any vessels with a security plan, though small companies can apply for a waiver after conducting a cybersecurity assessment (CSA). The waiver, which is approved at the headquarters level, according to Quigley, will allow such companies to be exempt from meeting requirements that aren\u2019t applicable to their operations.<br \/>\nQuigley also recommended the website www.uscg.mil\/MaritimeCyber\/ as a resource for mariners to stay up to date with the most recent Coast Guard guidance regarding cybersecurity requirements and obtaining waivers.<br \/>\n\u201cOur focus is definitely on the operational side,\u201d Quigley said. \u201cWe\u2019re trying to prevent transportation security incidents, so our focus is any sort of disruption to your operations, to your business, to the waterways that would be caused by a cyber incident. Our focus is really your operational technology, but that expands out to your IT (information technology), because a lot of times your IT and OT will be connected. You can have an IT issue that can spread over to an OT issue, and then affect your operations.\u201d<\/p>\n<p>Quigley said the Coast Guard will check that a vessel is compliant during the issuance or renewal of a certificate of inspection (COI), though visits could also be sporadic. Inspectors, who will have undergone thorough training, including 14 hours on maritime cybersecurity OT systems, will also ensure that annual exercises have been completed and that drills have been conducted twice a year.<br \/>\n\u201cA drill is testing one part of your plan,\u201d Quigley said. \u201cSo, maybe that\u2019s just a phishing email test, or it\u2019s just testing one part of the cybersecurity plan, whereas the exercise should be a total test of your plan in its entirety. You can coordinate that with your annual drills for physical security, but you can choose not to, too.\u201d<br \/>\nAmanda Wallace, IT systems manager at Hines Furlong Line, Inc., posed the questions that many in the industry have been asking after cybersecurity regulations were published in January 2025. As an operator of river vessels with less risk for a cyberattack compared to blue-water vessels, Wallace asked Quigley how to best meet Coast Guard standards and achieve compliance.<br \/>\n\u201cWe want to be compliant,\u201d Wallace said. \u201cWe want to be safe. We also have to be mindful of the bottom dollar. What we don\u2019t want to do is sink a bunch of money into something when the risk is not really there to begin with.\u201d<br \/>\nQuigley assured Wallace that while the regulations encapsulate the entire maritime industry, the Coast Guard understands that not every vessel will have the same risk for a cyber incident. He stressed that towboat operators should complete their cybersecurity assessments as thoroughly as possible so that they can obtain a waiver.<br \/>\n\u201cAs an agency, we understand that your inland towing vessel is very different from a cruise ship, and the connectivity level is going to be different,\u201d Quigley said. \u201cThat is why we have the waivers process.\u201d<br \/>\nWhen it comes to protecting systems from a cyberattack, many operators have chosen to air gap, or separate, technology from outside networks. Panelist Cliff Neve, vice president of maritime cybersecurity at MAD Security, suggested that operators continue to be diligent and not strictly rely on air gapping their systems. He suggested separating IT and OT networks to help reduce the risk of cyberattack.<br \/>\n\u201cReduce your attack surface as much as possible,\u201d Neve said. \u201cSegmentation is always your friend. The most likely attack vector is attacking an IT network and then pivoting to a connected OT network. So, segment those off, so that only very, very specific protocols, IP addresses, have access to and from those systems.\u201d<br \/>\nKristy Huang, global cybersecurity director at ABS Consulting, pointed out that conducting cybersecurity assessments can lead to a better understanding of a vessel\u2019s IT and OT systems. The more thorough operators are in understanding their equipment, the more prepared they will be if an attack happens, and the easier it will be to acquire a waiver from the Coast Guard.<br \/>\n\u201cYou usually underestimate the number of things that are connected to a network,\u201d Huang said. \u201cThat doesn\u2019t necessarily make it a risk, but it makes it an unknown from an asset perspective. So, doing that risk assessment is very important in terms of putting together that cybersecurity plan, putting together your waivers. Look at that as your foundation for how to be compliant with this, make sure that risk assessment is thorough and defensible.\u201d<br \/>\nHuang cautioned operators that third-party vendors who are hired to conduct assessments should not only be knowledgeable about IT, but OT operations as well. They should also be familiar with the maritime industry and the nuances that come with it in regard to cybersecurity. The alternative could result in an assessment that isn\u2019t thorough or specific enough to the vessel, costing the company additional expense.<br \/>\n\u201cThere are a lot of people who see a new regulation come out and say, \u2018Well, I do this in cyber, I can just do this, I can just go into this industry. Why don\u2019t we just go ahead and update this, because there are only small tweaks?\u2019\u201d Huang said. \u201cIt is surprising to see the number of people who will try to do that, and then (ABS) gets called afterward.\u201d<br \/>\nWhen asked what audience members should prioritize from the discussion, Quigley emphasized the value of applying for waivers and encouraged listeners to appeal an inspector\u2019s decision if believed to be unfair.<br \/>\n\u201cIf you disagree with an inspector ever, appeal, appeal, appeal, appeal,\u201d Quigley said. \u201cThese processes exist, and we have program offices to oversee this, and we want our inspectors to be fair across the board. So, don\u2019t worry about retribution. We will make sure that does not happen.\u201d<br \/>\nWallace advised audience members that keeping a clear head and a simple approach is necessary to achieving compliance without unnecessary costs and headaches. She also encouraged listeners to network with other industry professionals when questions arise.<br \/>\n\u201cStart with networking,\u201d Wallace said. \u201cStart with the tools that are free or no cost, that just take 10 bucks and a lunch with somebody, and see if you can network it and solve the problem as a group. I think if we are all being consistent in our approach to it, and everyone\u2019s doing the same thing, it\u2019s going to be kind of hard for an inspector or the Coast Guard to be like, well, you\u2019re all wrong. So, I think there\u2019s safety in numbers, there\u2019s power in numbers, there\u2019s more of us than there are of them. So, if we all get on the same page and approach it at the same time, then I think it\u2019s easy to manage.\u201d<br \/>\nFeatured photo caption: Panelists at the \u201cClarity Over Complexity: A Practical Guide to U.S. Coast Guard Cybersecurity Compliance\u201d session at the 2026 Inland Marine Expo discussed mitigating cybersecurity risks and achieving Coast Guard compliance. Pictured from left to right are Robert Blackman, senior manager of service business development at KVH Industries Inc.; Lt. William Quigley, vessel and offshore branch lead for the Office of Maritime Cybersecurity Policy; Amanda Wallace, IT systems manager at Hines Furlong Line, Inc.; Cliff Neve, vice president of maritime cybersecurity at MAD Security; and Kristy Huang, global cybersecurity director at ABS Consulting. (Photo courtesy of ECN Photography)<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IMX Panel Discusses Cybersecurity Regs https:\/\/www.waterwaysjournal.net\/2026\/06\/26\/imx-panel-discusses-cybersecurity-regs\/ Publish Date: 2026-06-26 08:16:00 Source Domain: www.waterwaysjournal.net Author: Using&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237659,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.waterwaysjournal.net\/wp-content\/uploads\/2026\/06\/260629_IMXCoastGuard1-scaled.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,25],"class_list":["post-237658","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237658"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237658"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237658\/revisions"}],"predecessor-version":[{"id":237660,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237658\/revisions\/237660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237659"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}