Stay ahead of cyber threats with expert guidance and solutions that support compliance, enhance safety and minimize risk.
As cyber threats targeting maritime critical systems grow increasingly frequent and sophisticated, vessel owners, shipyard operators, and MTSA-regulated facilities must understand and comply with evolving regulations to help ensure the resilience of their operations, protect critical assets, and support the safety and security of the maritime industry.
Updates to the Maritime Transportation Security Act (MTSA) Cyber Regulations issued by the United States Coast Guard (USCG) in February 2024 and the International Association of Classification Societies (IACS) E26 and E27 Cyber Regulations are reshaping how maritime stakeholders must address cyber risks.
Guiding Maritime Cybersecurity Compliance:
In February 2024, USCG updated maritime security regulations to establish minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and MTSA-regulated facilities. The new rule addresses cybersecurity threats by requiring entities to develop a Cybersecurity Plan, designate a Cybersecurity Officer, and implement measures to detect, respond to, and recover from cybersecurity incidents. These updates are designed to strengthen the maritime sector’s resilience against cyber risks and help ensure the safety of operations.
Milestone Dates: The final rule on MTSA Cyber Regulations published by the USCG goes into effect July 16, 2025, which includes a cybersecurity training deadline on January 12, 2026 and a full compliance deadline of July 2027.
Cybersecurity Solutions to Support MTSA Compliance
IACS E26 regulations establish cybersecurity requirements for vessels and shipbuilding processes. These standards ensure that vessels are designed, constructed and operated with robust cybersecurity measures to protect onboard systems from cyber threats.
IACS E27 regulations address cyber resilience of individual systems and equipment installed on the ship, with particular emphasis on the security of third-party equipment and systems.
Milestone Date: The IACS E26 and E27 regulations are mandatory for new ships contracted for construction on or after July 1, 2024, and are strongly recommended for consideration by ship owners in their existing fleets to improve cyber security preparedness.
Non-compliance with these regulations can result in operational disruptions, financial losses due to cyber incidents and Regulatory penalties and reputational damage.
By proactively addressing these regulations, maritime stakeholders can:
ABS Consulting is a premier provider of cybersecurity consulting, implementation, and risk management services. We will work with you to understand and reduce your cyber risk. From the earliest concept and design phases to integrating a program into existing operations, we'll help your organization develop and implement the controls you need to manage cyber risk.
Our qualified consultants leverage multiple engineering disciplines and emergency management expertise to help companies protect, defend, detect, and respond to a cyber incident. Explore our OT cybersecurity solutions or get started with a consultation at your facility.
ABS Consulting is your trusted advisor for Cyber Risk Management. Get started with a custom plan to secure your operations.
