The maritime transportation sector is undergoing massive digital transformation that is introducing an increased cyber-physical attack surface. In response to this and federal mandates, major U.S. port authorities have begun a shift from voluntary best practices to adhering to strict, mandatory security guidelines for their tenants.
That shift is being driven by the Coast Guard’s Cybersecurity in the Marine Transport System (MTS) final rule. Organizations operating within these jurisdictions are now required to implement comprehensive cybersecurity policies covering all information technology (IT) and operational technology (OT) networks on site.
This means compliance is no longer just about firewalls and segmentation, it also includes requirements around deep visibility and asset inventories, and control over cyber-physical systems (CPS) protection of critical assets such as automated ship-to-shore cranes, remote control centers, HVAC and building automation and management systems, and project engineering stations.
Some of the measures in the final rule for MTS-regulated facilities and vessels include:
Cybersecurity Plan (CSP): Entities must develop and maintain a plan covering account security, data protection, and OT system safeguards.
Cybersecurity Officer (CySO): A designated person must be appointed to oversee the implementation of the cybersecurity plan.
Assessments and Audits: Annual risk assessments of IT/OT systems are required to identify vulnerabilities.
Incident Response Plan: A documented plan for responding to and reporting cyber incidents.
Technical Controls:
Account Security: No default passwords, mandatory multi-factor authentication (MFA), and automatic account lockouts.
Access Control: Strict control over access to systems, including least privilege for users.
Network Security: Segmentation of IT/OT networks.
Training and Exercises: Personnel must undergo cybersecurity training, and facilities must conduct annual cybersecurity drills.
The rule applies to owners and operators of U.S.-flagged vessels, outer continental shelf (OCS) facilities, and facilities required to have a security plan under 33 CFR parts 104, 105, and 106.
Port operators are required to adhere to the following.
Incident Reporting: A "reportable cyber incident" includes any incident that results in a significant disruption to operations or a loss of confidentiality/integrity.
Deadlines: The rule was effective as of July 16, 2025, with compliance expected within 24 months for certain requirements.
A purpose-built CPS protection platform is now a necessity rather than a nice-to-have and if port operators are to improve cyber and operational resilience, the new set of rigorous new standards requires programmatic support.
How the Claroty Solution Supports Port Authorities
To support cyber-physical systems protection (CPSP) programs for port operators, Claroty presents a solution-forward approach to reducing operational risk while improving resiliency across the operation:
Mandated OT Network Segmentation
The MTS Requirement: Recent seaport guidelines explicitly require tenants to develop network segmentation policies to ensure that OT systems can continue to safely operate even if an IT system has been compromised, and vice versa.
The Claroty Solution: Claroty maps network assets and their communication pathways, providing the baseline visibility required to design, test, and enforce robust IT/OT segmentation without risking disruption to critical terminal operations.
Continuous Monitoring and Anomaly Detection
The MTS Requirement: Port operators must implement continuous monitoring and detection policies to defend, detect, and respond to cybersecurity threats and anomalies that affect critical system operations.
The Claroty Solution: Claroty’s Continuous Threat Detection (CTD) and xDome solutions by either actively (safe queries) or passively monitor network traffic in real-time. This ensures that security teams are instantly alerted to malicious activity, unauthorized changes, or policy violations within the OT environment, fulfilling the continuous monitoring mandate.
Proactive Vulnerability Management and Patching
The MTS Requirement: Guidelines dictate that tenants must reduce the risk of exploitation by applying security patches and updates to critical systems in a timely manner using a risk-based methodology. They also mandate periodic vulnerability testing.
The Claroty Solution: Claroty’s Exposure Management automatically correlates discovered OT and IT assets with known vulnerabilities. By providing risk-based scoring and mitigation recommendations, Claroty helps operators prioritize their hardening efforts and patch management long before threat actors can exploit them.
Securing Access to Critical Systems
The MTS Requirement: Seaport tenants are required to create strict access control measures to secure and prevent unauthorized access to critical cyber systems.
The Claroty Solution: Standard IT VPNs are often insufficient and risky for OT environments. Claroty Secure Access is specifically designed for industrial networks, providing frictionless, secure, and fully audited remote access for internal personnel and third-party contractors while ensuring strict credential management.
Additionally, some protocols central to critical port components and operations are in Claroty xDome. Those include Siemens’ S7, Rockwell Automation’s CIP, ABB’s RNRP, Modbus, Profinet, MQTT, and other standard protocols used across commercial products and applications.
Programmatic CPS Protection a Must
The regulatory environment for seaports is getting stricter. Relying on legacy IT security tools for complex cyber-physical environments will lead to compliance gaps and, more importantly, increased cyber and operational risks. Better governance and programmatic support of CPS is urged.
