The Eurofile Live Podcast: is a New Era Emerging for the Euro?
November 17, 2025 • 11:00 am – 12:00 pm EST
Hosted by Europe, Russia, and Eurasia Program
The U.S. Coast Guard and the Future of Maritime Cybersecurity
Photo: Ilja/Adobe Stock (AI-Generated)
Regulatory, legislative, and policy developments have provided the U.S. Coast Guard (USCG) with new cybersecurity tools and expanded authorities to secure the marine transportation system (MTS) from cyber threats. At the same time, budgetary headwinds that historically plagued the service have shifted. With nearly $25 billion of funding in the One Big Beautiful Bill Act, the USCG finds itself in the favorable—if unfamiliar—position of having resource winds at its back. The result? A chance for generational change in safeguarding the maritime cyber domain and bolstering the USCG cyber workforce. This commentary prescribes a path to capitalize on these legislative, policy, and funding wins: confirmation of key USCG senior leaders, enhanced cyber talent management, passage of pending USCG cyber legislation, broader interagency integration of USCG cyber capabilities, and rapid integration of private sector tools.
Maritime Cybersecurity: Regulatory, Legislative, and Policy Developments
President Biden signed Executive Order 14116, “Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States.” Invoking the Magnuson Act, the executive order (EO) found that “malicious cyber campaigns” are endangering the United States and amended regulations at Title 33, Code of Federal Regulations, Part 6, to better protect vessels, harbors, and waterfront facilities from cyber threats. The updated regulations mandate cyber incident reporting and empower the captain of the port (COTP)—a USCG official with broad law enforcement authorities in a designated COTP zone—to directly address a host of cyber threats. While COTPs have long exercised broad authorities to address maritime threats, EO 14116 makes clear that those authorities explicitly include cyber threats.
The USCG also issued a notice of proposed rulemaking to implement minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002. The final rule requires cyber incident response plans, cybersecurity drills, and designation of a cybersecurity officer, among other measures. It expands the definition of a maritime “hazardous condition,” which must be reported to the USCG, to include cyber incidents. The proposed rule drew robust public comment, which informed phased implementation and potential additional delays. But time is of the essence. Major cyberattacks, including Colonial Pipeline and NotPetya, have illustrated the damage that state and nonstate cyber actors can cause to maritime infrastructure and utilities. While the industry has agitated for more time to implement new requirements, maritime stakeholders should be preparing for these heightened cybersecurity standards.
The service has also promulgated policies to sharpen its focus on cyber threats and its cyber workforce, including the 2015 USCG Cyber Strategy and 2021 USCG Cyber Strategic Outlook. These strategic documents, coupled with a new technology campaign and improved cybersecurity posture, underscore the service’s commitment to treating cyberspace as a coequal operational domain. But strategic documents are cold comfort to maritime stakeholders who face daily assaults from sophisticated cyber threats. And USCG cybersecurity is not without its critics. The Government Accountability Office (GAO), the U.S. congressional watchdog, released a 2025 report concluding that the service has not sufficiently addressed key characteristics to inform an effective national strategy, inadequately assessed cyber workforce gaps, and cannot readily access complete data on cyber deficiencies.
There is reason for optimism. In March, the Department of Homeland Security (DHS) announced Force Design 2028 (FD 2028), an initiative to identify and establish the USCG force necessary to meet the demands of current and future operating environments. DHS Secretary Kristi Noem approved the FD 2028 execution plan, making a host of changes to the USCG’s organization, contracting, acquisitions, personnel, and technology. Most relevant to cybersecurity, the execution plan modernizes legacy USCG cyber systems, enhances its cybersecurity posture (including implementation of the Department of Defense zero trust architecture), establishes a program executive office for Command, Control, Communication, Computer, Cyber, and Intelligence, and equips the USCG Cyber Command with new tools to defend the USCG network and combat cyber threats.
USCG Cyber at a Crossroads: The Way Ahead
The historic $25 billion investment in the service, expanded USCG cyber authorities, and FD 2028’s targeted actions augur well for maritime cybersecurity and the USCG cyber workforce. But capitalizing on this opportunity requires the following actions by the Trump administration, Congress, the interagency, and the USCG.
Nominate and Confirm USCG Senior Leadership
The USCG’s cyber goals are ambitious. But DHS and USCG leadership are—at this particular moment—uniquely positioned to execute on ambition in the cyber domain. Sean Plankey, senior advisor to the Secretary of Homeland Security for the USCG, is leading FD 2028 development and implementation and has been nominated to lead the Cybersecurity and Infrastructure Security Agency. A prior National Security Council (NSC) director of cyber policy, Department of Energy principal deputy assistant secretary for cybersecurity, and private sector cyber executive, Plankey has the experience, technical expertise, and interagency bona fides to successfully drive cyber change at speed and scale. Acting Commandant Kevin Lunday previously served as commander of the USCG Cyber Command—the first USCG 4-star to have led the service’s cyber workforce. Admiral Lunday also has joint experience as director of exercises and training at U.S. Cyber Command. Finally, the Commander of USCG Cyber Command, Rear Admiral Jason Tama, previously served as the NSC senior director for resilience, leading responses to national crises, including cyberattacks. The USCG has a very deep bench of senior cyber experience. This will not always be the case. Accordingly, the service should aggressively execute FD 2028’s cybersecurity changes while these senior leaders are in place.
To capitalize on this expertise, USCG leaders should be confirmed. At the USCG Academy commencement in May, Secretary Noem announced President Trump’s intent to nominate Admiral Lunday to serve as the 28th commandant. Other announced nominees included the vice commandant, deputy commandant for operations, chief of staff, Atlantic area commander, and Pacific area commander. To date, formal nominations for these positions have not been transmitted to the Senate. Plankey and Admirals Lunday and Tama are uniquely qualified to drive USCG cybersecurity changes. That work is made harder by further delays in nominating USCG executive leadership. A recent report by the CSIS Intelligence, National Security, and Technology Program warned that Russia, China, and Iran will continue to aggressively deploy offensive cyber tools, including in the maritime domain. Senate-confirmed USCG leaders are best positioned to confront these threats.
Attract and Retain a USCG Cyber Workforce
Executive leadership is critical, but USCG cyber engagements are won or lost by cybersecurity specialists, cyber protection teams, and facility and vessel inspectors. In GAO’s telling, that workforce leaves more to be desired: Its 2025 report noted that the USCG cyber workforce has key vacancies and found that the USCG has not adequately assessed cyber staffing. The challenge is not unique to the USCG. As others have observed, there is a “perennial shortage of qualified personnel in the military cyber community.”
Policy measures are taking aim at such gaps. In September, the USCG released special duty pay (SDP) levels. While SDP interventions target various critical specialties (e.g., rescue swimmers, marine inspectors, and intelligence specialists), cyber operators, cryptologic specialists, and C5ISC electronics repair personnel were all included and will receive pay incentives up to $300 per month. Moreover, critical skills retention bonuses for enlisted cyber personnel range from $50,000 to $120,000 and up to $30,000 for officers. Though modest compared to private sector compensation, these incentives are a meaningful step in attracting and retaining the talent necessary to carry out the USCG’s cyber missions. Continuing to enhance and expand these incentives is vital to USCG cyber talent management.
The USCG’s mandate for all-domain security necessitates a different kind of workforce. Afloat, aviation, and marine safety professionals remain essential to core USCG functions. But new positions such as the chief data and artificial intelligence officer and ratings such as cyber mission specialist underscore that legacy USCG missions are necessary—but not sufficient—for the modern threat landscape. The service, which prizes multidisciplinary officers, must learn to treat consecutive and specialized tours in cybersecurity as assets rather than liabilities. The challenge here extends beyond the USCG, and all military services have proven “reluctant to change their promotion and talent management processes to accommodate the long timelines required for mission effectiveness in the cyber domain.”
The USCG will not outcompete the tech private sector in financial incentives. But it should leverage what it uniquely offers in the cyber domain: a strong sense of mission, coupled with a viable path to promotion and the opportunity for greater leadership. Nor are military service and private sector employment mutually exclusive. Indeed, the establishment of the first USCG reserve cyber unit has shown that private sector talent can increase operational effectiveness and open new pathways to military service.
Pass USCG Cyber Legislation
The One Big Beautiful Bill Act contains $2.2 billion for USCG aviation, cutter, and shore facility depot maintenance and maintenance of command, control, communication, computer, and cyber assets. It also provides $170 million for improving maritime domain awareness, including in the cyber domain. With these resources, the service is better positioned than ever to execute broader cyber detection and enforcement authorities.
The USCG Authorization Act of 2025 (CGAA), passed in differing forms in the House and Senate, contains promising changes. Included in the House CGAA is Section 212, Cyber Coordination and Support in Foreign Territories. This provision allows the USCG to coordinate with foreign governments and intergovernmental organizations to provide cyber assistance related to the MTS and assets outside the United States, so long as those systems and assets have a nexus to the U.S. MTS or to illegal fishing. Foreign assistance is a muscle the service has exercised extensively in the post–9/11 era. For example, the service’s International Port Security Program has identified gaps in foreign antiterrorism measures and built international capacity to mitigate those threats. Through international engagements, workshops, and country assessments, the USCG has improved international port security measures. The Cyber Coordination and Support in Foreign Territories provision would similarly allow the United States and international partners to better detect and respond to cyber threats. Both House and Senate CGAAs would amend 46 U.S.C. 70011 to increase USCG waterfront safety authorities to protect bridges and navigable waterways from cyber incidents, transnational organized crime, or foreign state threats. In addition, both bills amend the president’s authorities under the Magnuson Act to explicitly include cyber incidents, transnational organized crime, or foreign state threats.
Bipartisan consensus, even in the defense and security space, is a rare commodity. USCG cyber funding and broadened authorities to address domestic and international cyber threats are examples of where that rare consensus has been built. Moreover, a CGAA has not been passed into law since December 2022. The CGAA of 2025 is the vehicle for expanding USCG cyber authorities. Leaders of both parties should insist on its standalone passage or inclusion in the National Defense Authorization Act for Fiscal Year 2026.
Further Integrate the Coast Guard in Whole-of-Government Cyber Operations
USCG cyber operators are integral to whole-of-government cyber operations. U.S. Cyber Command recently completed its annual training exercise, Cyber Guard 25-2, which created a joint task force with the USCG to defend maritime infrastructure from cyberattacks. Beyond exercises, USCG cyber operators are assigned to U.S. Cyber Command and collaborate with intelligence community components. This integration of USCG forces should continue and expand. To do so successfully, defense- and intelligence-related cyber legislation must not inadvertently exclude the USCG by virtue of its place within the DHS. The USCG should be fiscally resourced to increase the size and proficiency of its cyber workforce. While recent reconciliation funding for cyber tools is a positive start, it is no panacea. Optimizing the USCG’s role in whole-of-government cybersecurity will require sustained investment.
Rapidly Procure and Integrate Private Sector Cyber Tools
Many USCG members are familiar with—and contemptuous of—legacy systems such as the Marine Information for Safety and Law Enforcement (MISLE) database that hinder rather than advance operations. Defending the USCG’s network from external attack and rooting out MTS cyber threats requires more. And that work has begun. Thoughtful analysis of the Technology Revolution initiative to modernize USCG information technology (IT) infrastructure notes improvements in cutter connectivity, data analytics, and deployment of DoD365. It also takes a clear-eyed view of enduring deficiencies such as MISLE and legacy financial systems. The USCG recently approved a decision to proceed with the replacement of MISLE—a critical, if long overdue, milestone.
Two of the four FD 2028 pillars are centered on modernizing technology to better support USCG personnel: “contracting and procurement” and “technology.” This will include the acquisition of new technologies such as artificial intelligence and commercial cloud services, and optimization of existing technologies. The service is also ensuring operators can connect to upgraded systems through the cutter internet project, installing satellite connectivity technology on over 80 percent of the cutter fleet. Stable satellite, 5G, and wifi connectivity, long treated as “nice to haves,” are increasingly treated as imperatives. USCG missions and personnel will benefit from this shift in thinking.
The USCG need not—indeed, should not—undertake to organically design, build, and install these technology tools. The time is ripe for private sector innovation. For example, in the thorny area of ship construction, members of Congress are increasingly looking to the private sector for “rapid, agile, iterative” manufacturing solutions rather than lengthy, stilted, and increasingly untenable government acquisition processes. And the April 2025 EO on Restoring Common Sense to Federal Procurement makes it the policy of the United States to “create the most agile, effective, and efficient procurement system possible.” Consistent with that policy, the speed and scale of USCG acquisitions are increasing with its establishment of RAPTOR, a rapid prototype team to quickly identify and deliver technology capabilities. This fresh approach to technology integration promises more agility in adopting leading-edge tools and a willingness to dispose of obsolete tech. For servicemembers raised on “do more with less”—what one USCG officer has aptly described as a “scarcity culture”—a brighter and more dynamic era of technology adoption is on the horizon.
Conclusion
Recent regulatory, legislative, and policy changes are reshaping the USCG cyber workforce and the broader regulatory regime for securing the MTS from cyberattack. Congress and the Trump administration have made a generational investment in the USCG via the One Big Beautiful Bill Act, and the service has the deepest bench of senior cyber leaders in its history. This level of USCG funding, coupled with this cadre of senior cyber leadership, may not recur for some time. It may not recur at all. To seize this moment, the White House should formally nominate USCG executive leadership, and the Senate should timely confirm those officers. The Service must enhance and expand financial and career progression incentives to continue the growth and expertise of its cyber workforce. Congress should also codify expanded cyber authorities by passing the CGAA of 2025. FD 2028 promises to break the mold, establishing the procurement, personnel, and operational dynamism that modern military cyber operations demand. With cyber funding, authorities, personnel, and confirmed executive leadership in place, the USCG will be well-positioned to make good on that promise.
Commander Joel Coito is a military fellow in the Defense and Security Department at the Center for Strategic and International Studies in Washington, D.C.