1625-AC77 202410 The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions 1625 U.S. Coast Guard USCG 1600 Department of Homeland Security DHS Cybersecurity in the Marine Transportation System

The Coast Guard has published a proposed rule to update its maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations.  This proposed rulemaking is part of an ongoing effort to address emerging cybersecurity risks and threats to maritime security by including additional security requirements to safeguard the marine transportation system.

]]> Other Significant Previously Published in The Unified Agenda Final Rule Stage Yes No 33 CFR 101 46 U.S.C. 70101 46 U.S.C. 70102 46 U.S.C. 70103 46 U.S.C. 70104 46 U.S.C. 70124 Yes

The purpose of this rulemaking is to set minimum cybersecurity requirements for vessels and facilities to safeguard the Marine Transportation System (MTS) from cybersecurity vulnerabilities.

]]>

The Coast Guard exercises the Maritime Transportation Security Act of 2002 (MTSA) authorities of Chapter 701 of Title 46 of the U.S. Code. This includes the authority to promulgate Chapter 701 regulations under 46 U.S.C. 70124. This statute provides that the Secretary of Homeland Security may issue regulations necessary to implement Chapter 701 of Title 46. 

]]>

The Coast Guard anticipates the costs for this final rule to come primarily from several requirements.  These include developing a Cybersecurity Plan and performing cybersecurity drills and exercises.  Additional costs are imposed from ensuring and implementing cybersecurity measures, such as account security measures, device security measures, data security measures, cybersecurity training for personnel, reporting cyber incidents, risk management, penetration testing, supply chain management, resilience, network segmentation, and physical security.  The Coast Guard anticipates non-quantified benefits from reducing the risk of cyber incidents through enhanced detection and correction of vulnerabilities in Information technology (IT) and Operational technology (OT) systems; improved mitigation for impacted entities and downstream economic participants if an incident occurs; and improved protection of Marine Transportation System (MTS) firm and customer data to protect business operations, build consumer trust, and promote increased commerce in the U.S. economy.  Additional benefits will accrue due to improving the minimum standard for cybersecurity to protect the MTS and avoid supply chain disruptions, which is vital to the U.S. economy and U.S. national security.

]]> NPRM 02/22/2024 89 FR 13403 NPRM Comment Period Extended 04/09/2024 89 FR 24751 NPRM Comment Period End 04/22/2024 Extended Comment Period End 05/22/2024 Final Rule 12/00/2024 YES Businesses Undetermined No No https://www.regulations.gov https://www.regulations.gov Yes No Christopher Rabalais Commander Chief, Systems Engineering Division (CG-ENG-3) 1625 U.S. Coast Guard USCG 202 372-1375 christopher.p.rabalais@uscg.mil Office of Design and Engineering Standards, 2703 Martin Luther King Jr. Avenue SE, STOP 7509, Washington DC 20593-7509