New Rulemaking Alert: Updates to 33 CFR Part 101 — General Maritime Security Provisions
The U.S. Coast Guard has issued a new rulemaking impacting 33 CFR Part 101, the foundational section that defines the general provisions under the Maritime Transportation Security Act (MTSA). These changes reflect the evolving nature of maritime threats, particularly those involving cybersecurity, supply chain disruption, and the need for enhanced coordination between industry and federal stakeholders.
Even though we covered 33 CFR Part 101 in the previous part, here is a more detailed breakdown:
Part 101 serves as the cornerstone of the MTSA regulatory framework. It defines:
- General maritime security policies
- Definitions and responsibilities for key personnel (e.g., COTP, FSO, FMSC)
- The MARSEC (Maritime Security) level system
- National and Area Maritime Security Planning
- Requirements for incident reporting, including Transportation Security Incidents (TSIs)
This section applies broadly to all MTSA-regulated vessels, facilities, and Outer Continental Shelf (OCS) activities. It also serves as the cornerstone of the MTSA regulatory framework.
It defines the following:
- General maritime security policies
- Definitions and responsibilities for key personnel (e.g., COTP, FSO, FMSC)
- The MARSEC (Maritime Security) level system
- National and Area Maritime Security Planning
- Requirements for incident reporting, including Transportation Security Incidents (TSIs)
Note: This section applies broadly to all MTSA-regulated vessels, facilities, and Outer Continental Shelf (OCS) activities.
Why This Matters to Facilities and FSOs?
These rule changes will directly impact how Facility Security Officers (FSOs) and regulated facilities approach:
- Cybersecurity planning
- Incident reporting
- Annual reviews of Facility Security Plans (FSPs)
- Participation in port-wide exercises and tabletop scenarios
If your facility is located along a navigable waterway especially in high-traffic zones like the Houston Ship Channel you must stay current with these evolving requirements. And if you dont, then the consequences can be as follows:
- Civil Penalties: Fines can range from thousands to hundreds of thousands of dollars per violation, depending on severity.
- Operational Restrictions: The Coast Guard (COTP) can impose restrictions or even shut down port operations or vessel movements until compliance is restored.
- Criminal Liability: In extreme cases, especially where negligence leads to safety or security incidents, criminal charges may be pursued.
- Reputational Damage: Non-compliance can severely damage a company’s reputation with regulators, customers, and partners.
- Increased Scrutiny: The facility may be subject to more frequent inspections, audits, and enforcement actions.
Who is utimately responsible?
The primary legal responsibility lies with the Facility Owner and/or Operator.
- They must ensure all MTSA security requirements, including those under Part 101, are implemented.
- The Facility Security Officer (FSO) manages day-to-day compliance and acts as the liaison with the Coast Guard but does not bear ultimate legal liability.
- Owners/operators are accountable for ensuring resources, training, and security measures are adequate and maintained.
Now for the meat on the bone! The actual CFR which is in Subpart F—Cybersecurity and is found in the last part of this article – [All about the Cyber Security Plan (CSP), CySO and MTSA Facility – Part 4]