⚓ USCG MTSA Cybersecurity Toolkit

Meet USCG MTSA Cybersecurity Exercise Requirements
with AI-Powered Maritime OT Tabletop Scenarios

The Coast Guard's Marine Transportation System cybersecurity rule (33 CFR) requires MTSA-regulated facilities and vessels to conduct cybersecurity exercises under an approved Cybersecurity Plan. CyberICS delivers 300+ ready-to-run OT/ICS scenarios, AI-generated After Action Reports, and audit-ready evidence — so your Cybersecurity Officer can demonstrate exercise completion to the Captain of the Port.

Annual Cybersecurity Exercise — approved Cybersecurity Plan
NRC / Coast Guard Incident Reporting Drilled
Terminal OT — Cranes, Gates & TOS Scenarios
300+ ICS/OT Scenarios Ready to Run
Start Free — 14-Day Trial Talk to Our Maritime Sector Team
Compliance Note: CyberICS's exercise scenarios reference the USCG Marine Transportation System cybersecurity rule (33 CFR) as part of a structured training and preparedness program. Completion of exercises on this platform supports — but does not replace — formal Coast Guard-approved Cybersecurity Plan compliance, which requires engagement with your Cybersecurity Officer, Facility Security Officer, and the cognizant Captain of the Port. Consult qualified legal and compliance counsel for official determinations.
Applicability

Who Must Comply with USCG MTSA Cybersecurity

The MTS cybersecurity rule applies to MTSA-regulated facilities, vessels, and OCS facilities that must maintain and exercise a Coast Guard-approved Cybersecurity Plan. Tabletop exercises satisfy the plan's annual exercise obligation.

⚓ MTSA-Regulated Facilities & Terminals

Container terminals, bulk facilities, and port operators subject to MTSA must maintain a Cybersecurity Plan and exercise its incident-response, OT-isolation, and reporting procedures for terminal operating systems, cranes, gates, and reefer monitoring.

🚢 Vessels & OCS Facilities

MTSA-regulated vessels and Outer Continental Shelf facilities must address the vessel-shore interface — navigation data integrity, remote engineering access, and shipboard OT — under the approved Cybersecurity Plan and Coast Guard reporting duties.

👤 Cybersecurity & Facility Security Officers

The designated Cybersecurity Officer and Facility Security Officer must exercise their authorities — activation criteria, OT shutdown decisions, NRC notification, and COTP / Area Maritime Security Committee coordination — with the personnel who would execute them.

Standards Alignment

MTS Cybersecurity Rule — How CyberICS Maps to Each Duty

The Cybersecurity Plan's exercise, reporting, OT-protection, and coordination duties are the ones most directly addressed by tabletop exercises. Both the annual exercise and the annual plan review are tracked as live clocks.

MTSA Cybersecurity Plan Mapping Reference

Relevance: Direct = exercise explicitly required  |  Supporting = exercise validates controls  |  Scenario = scenario content covers the threat domain

Standard Title Key Requirement Addressed CyberICS Capability Relevance
33 CFR — CS Plan Cybersecurity Plan — Incident Response Maintain and exercise incident-response procedures under the Coast Guard-approved Cybersecurity Plan, including reportable-incident determination. Live session mode, scenario-driven exercise flow, timestamped responses, AI AAR documenting the plan-activation record for the annual exercise. Direct
Annual Exercise Annual Cybersecurity Exercise Conduct cybersecurity exercises at least annually per the approved plan (with more frequent drills on the plan's schedule). A formal, evaluated exercise on plan objectives with named personnel; the AAR becomes the annual exercise record supporting the plan review. Direct
NRC Reporting Coast Guard / NRC Incident Reporting Report reportable cyber incidents to the National Response Center and the cognizant Captain of the Port. In-exercise reporting-decision timestamps in the compliance log; drip micro-drills reinforce NRC/COTP notification thresholds. Direct
Plan Review Cybersecurity Plan Review / Audit Annual review/audit of the Cybersecurity Plan, informed by exercise findings. AAR findings and the remediation tracker feed plan amendments; readiness trend surfaces recurring gaps for the annual review. Supporting
OT Measures Terminal & Vessel OT Protection Protect terminal operating systems, cranes, gates, and vessel OT; define safe-state and isolation procedures. Crane, TOS, and vessel-shore scenarios exercise safety-first shutdown decisions, OT isolation, and return-to-service verification. Scenario
AMSC Coord. COTP & Area Maritime Security Coordination Coordinate cyber-physical incidents through the COTP and Area Maritime Security Committee at the applicable MARSEC level. Capstone coordinated cyber-physical scenarios exercise unified command, AMSC coordination, and MARSEC-level decisioning with the COTP. Scenario
Platform Capabilities

How CyberICS Directly Supports MTSA Cybersecurity Compliance

Three platform capabilities work together to satisfy the Cybersecurity Plan's annual-exercise and documentation duties.

🎲
Annual Cybersecurity Exercise

Documented Exercise Execution

Live Session mode provides a structured, real-time exercise environment. Participants join by code, respond to scenario steps, and all activity is timestamped — creating an auditable exercise record.

  • Timestamped participant activity log
  • Step-by-step scenario walkthrough record
  • Host control bar with session metadata
  • Exercise duration and completion record
📋
Annual Cybersecurity Exercise

AI-Generated After Action Report

CyberICS's AI engine generates a structured AAR immediately after each exercise — documenting gaps identified, recommended corrective actions, and framework alignment.

  • Structured gap analysis with severity ratings
  • Framework reference per identified gap
  • Corrective action recommendations
  • Downloadable PDF in minutes, not days
📄
Audit Evidence Package

Compliance Evidence Export

The Compliance Dashboard generates per-framework evidence packages — a multi-page audit PDF covering exercise log, controls mapping, gap analysis, remediation timeline, and formal attestation page.

  • Exercise date, participants, and scenario record
  • Framework controls coverage map
  • Gap-to-remediation timeline
  • Attestation page for compliance files
Scenario Library

Maritime Sector Scenarios — Ready to Run

Six high-fidelity maritime and port scenarios are immediately available, sequenced from foundational to advanced. Each exercises Cybersecurity Plan procedures across your OT, terminal operations, and executive teams.

Terminal Operations
Terminal Operating System Ransomware

The TOS is encrypted an hour before vessel operations; gate lanes and crane queues are dead. Tests NRC/COTP reporting, manual vessel-work decisions, and landside backlog management.

CS Plan IR Reporting TOS OT
Crane & Quay OT
Ship-to-Shore Crane OT Compromise

An STS crane executes an uncommanded movement; its PLC shows firmware nobody installed. Tests safety-first shutdown decisions, OEM coordination, and return-to-service verification.

OT Measures Safety Vendor
Vessel-Shore Interface
Navigation Data Manipulation

Arriving vessels report GPS jumps and AIS ghosts in the channel. Tests pilot/VTS/COTP coordination and determining whether the facility network is the interference source.

CS Plan COTP Integrity
Formal Exercise
Annual Cybersecurity Exercise (Formal)

A planned, evaluated exercise on the plan's objectives — Cybersecurity Officer authorities, OT isolation for cranes/gates/reefer, and NRC reporting. Deviations become plan-review findings.

Annual Exercise Plan Review Governance
Port Community Systems
Cargo Data Integrity Attack

Containers are released against manipulated manifest data over days. Tests CBP/carrier coordination, access-path hunting in shared port systems, and shipment-verification decisions.

CS Plan CBP Integrity
Cyber-Physical
Coordinated Port Disruption

Gate systems fail open across terminals while a drone closes the anchorage — possibly coordinated. Tests unified command, AMSC coordination, and MARSEC-level decisions with the COTP.

AMSC Unified Cmd MARSEC

Plus 59 additional scenarios across Energy, Oil & Gas, Manufacturing, Water, Rail, and more. Browse the full library →

Evidence Artifacts

Audit-Ready Documentation — Every Exercise

Every CyberICS exercise automatically generates four categories of compliance evidence that map directly to Cybersecurity Plan documentation requirements.

📋
After Action Report (AAR)

AI-generated structured PDF with gap analysis, corrective actions, and framework references. Ready within minutes of exercise completion.

Annual Exercise Record
📈
Compliance Evidence Package

Multi-page per-framework audit PDF: exercise log, controls mapping, gap analysis, remediation timeline, and signed attestation page.

All Plan Objectives
🕑
Session Activity Transcript

Timestamped record of all participant responses, host actions, and step progression. Demonstrates real exercise activity to auditors.

NRC Reporting Log
🔗
Gap-to-Ticket Tracking

Gaps identified in the exercise are automatically pushed to ServiceNow or Jira as remediation tickets — creating a documented corrective action trail.

Remediation Evidence

Explore the Full Regulatory Toolkit Library

CyberICS exercise evidence maps to multiple frameworks simultaneously. One exercise program — complete regulatory coverage.

Ready to Run Your Annual MTSA Cybersecurity Exercise?

Start free with a 14-day trial — no credit card required. Or talk to our maritime sector team about Cybersecurity Plan exercise programs across your terminals and vessels.

Also explore: TSA Directives Toolkit  ·  NIST SP 800-82 Toolkit  ·  IEC 62443 Toolkit