An official website of the United States government
The .gov means it's official.
The site is secure.
View Rule
| View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
| DHS/USCG | RIN: 1625-AC77 | Publication ID: Fall 2024 |
| Title: Cybersecurity in the Marine Transportation System | |
|
Abstract:
The Coast Guard has published a proposed rule to update its maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations. This proposed rulemaking is part of an ongoing effort to address emerging cybersecurity risks and threats to maritime security by including additional security requirements to safeguard the marine transportation system. |
|
| Agency: Department of Homeland Security(DHS) | Priority: Other Significant |
| RIN Status: Previously published in the Unified Agenda | Agenda Stage of Rulemaking: Final Rule Stage |
| Major: Yes | Unfunded Mandates: No |
| CFR Citation: 33 CFR 101 | |
| Legal Authority: 46 U.S.C. 70101 46 U.S.C. 70102 46 U.S.C. 70103 46 U.S.C. 70104 46 U.S.C. 70124 | |
|
Legal Deadline:
None |
||||||||||||||||||
|
Statement of Need: The purpose of this rulemaking is to set minimum cybersecurity requirements for vessels and facilities to safeguard the Marine Transportation System (MTS) from cybersecurity vulnerabilities. |
||||||||||||||||||
|
Summary of the Legal Basis: The Coast Guard exercises the Maritime Transportation Security Act of 2002 (MTSA) authorities of Chapter 701 of Title 46 of the U.S. Code. This includes the authority to promulgate Chapter 701 regulations under 46 U.S.C. 70124. This statute provides that the Secretary of Homeland Security may issue regulations necessary to implement Chapter 701 of Title 46. |
||||||||||||||||||
|
Anticipated Costs and Benefits: The Coast Guard anticipates the costs for this final rule to come primarily from several requirements. These include developing a Cybersecurity Plan and performing cybersecurity drills and exercises. Additional costs are imposed from ensuring and implementing cybersecurity measures, such as account security measures, device security measures, data security measures, cybersecurity training for personnel, reporting cyber incidents, risk management, penetration testing, supply chain management, resilience, network segmentation, and physical security. The Coast Guard anticipates non-quantified benefits from reducing the risk of cyber incidents through enhanced detection and correction of vulnerabilities in Information technology (IT) and Operational technology (OT) systems; improved mitigation for impacted entities and downstream economic participants if an incident occurs; and improved protection of Marine Transportation System (MTS) firm and customer data to protect business operations, build consumer trust, and promote increased commerce in the U.S. economy. Additional benefits will accrue due to improving the minimum standard for cybersecurity to protect the MTS and avoid supply chain disruptions, which is vital to the U.S. economy and U.S. national security. |
||||||||||||||||||
Timetable:
|
| Regulatory Flexibility Analysis Required: YES | Government Levels Affected: Undetermined |
| Small Entities Affected: Businesses | Federalism: No |
| Included in the Regulatory Plan: Yes | |
| RIN Information URL: https://www.regulations.gov | Public Comment URL: https://www.regulations.gov |
| RIN Data Printed in the FR: Yes | |
|
Agency Contact: Commander Christopher Rabalais Chief, Systems Engineering Division (CG-ENG-3) Department of Homeland Security U.S. Coast Guard Office of Design and Engineering Standards, 2703 Martin Luther King Jr. Avenue SE, STOP 7509, Washington, DC 20593-7509 Phone:202 372-1375 Email: christopher.p.rabalais@uscg.mil |
|
|
Reginfo.gov
An official website of the U.S. General Services Administration and the Office of Management and Budget