The U.S. Coast Guard issued a policy letter outlining new cybersecurity training requirements for personnel with access to IT or OT (operational technology) systems. Aligned with recent regulations, the policy is part of broader efforts to enhance cybersecurity within the Marine Transportation System. It also mandates that personnel on U.S.-flagged vessels, facilities, and Outer Continental Shelf (OCS) facilities subject to the Maritime Transportation Security Act (MTSA) of 2002 complete the required cybersecurity training by Jan. 12, 2026.
In an update last week, the USCG detailed an October Policy Letter that announced the publication of Navigation and Vessel Inspection Circular (NVIC) 02-24, CH 1, Reporting Breaches of Security, Suspicious Activity, Transportation Security Incidents, and Cyber Incidents. The circular includes updated guidance on reporting cyber incidents.
The key updates include the incorporation of reportable cyber incident reporting requirements, alignment of cyber incident and reportable cyber incident reporting criteria, and harmonization of cyber incident reporting. Additionally, the FBI now accepts NRC reports as meeting federal notification requirements. This update reflects the Coast Guard’s ongoing efforts to enhance maritime cybersecurity policy and ensure consistent, efficient communication in light of evolving threats. Maritime industry professionals should review the updated NVIC closely to ensure full compliance with these revised requirements.
Read the rest of the story at Industrial Cyber.
