How We Think About Security at MobileOps
Security isn't a checkbox. It's a mindset, and for tug and barge operators, it's increasingly a regulatory requirement. With the U.S. Coast Guard's landmark cybersecurity rule now in effect, there's no better time to share how MobileOps approaches data security and what we're doing to help our customers stay compliant, protected, and operational.
The New USCG Cybersecurity Rule: What You Need to Know
On January 17, 2025, the U.S. Coast Guard published its final rule, Cybersecurity in the Marine Transportation System, codified at 33 C.F.R. Part 101, Subpart F. The rule took effect July 16, 2025, and applies to U.S.-flagged vessels subject to MTSA, Outer Continental Shelf facilities, and facilities regulated under 33 CFR Parts 104, 105, and 106. Applicability doesn't hinge on the size of your IT footprint — even vessels with minimal digital systems must assess vulnerabilities and implement appropriate controls.
Every regulated operator faces the same core obligations:
Designating a Cybersecurity Officer (CySO) responsible for overseeing implementation and incident response
Conducting an annual Cybersecurity Assessment to identify vulnerabilities and evaluate system resilience
Developing and submitting a Cybersecurity Plan to the USCG for approval
Reporting cyber incidents to the National Response Center (NRC)
Full compliance is required by July 16, 2027. The rule doesn't prescribe exactly how you meet these requirements — but it holds you accountable for having a documented, enforceable plan. For many tug and barge operators, that means taking a hard look at what systems you're running, who has access to them, and what happens if something goes wrong.
Why Cybersecurity Matters for Tug and Barge Operators
Cyberattacks on maritime operations can lead to severe consequences: financial losses, operational disruptions, and in worst-case scenarios, environmental disasters and compromised crew safety. Vulnerabilities in navigation systems, operational technologies, and communications are real and growing.
Tug and barge operators who embrace cybersecurity best practices protect their assets, maintain regulatory compliance, reduce liability exposure, and ensure that operations keep running when it matters most.
How MobileOps Approaches Security
MobileOps is built for maritime operators managing compliance, inspections, crew records, and operational documentation. Our customers trust us with sensitive data — crew schedules, maintenance records, operational reports — and we take that responsibility seriously.
Here's how we build and maintain security across the platform:
Two-Factor Authentication (2FA)
Relying solely on passwords is no longer enough. Two-Factor Authentication adds a critical second layer of security, requiring users to validate their identity using something they know (a password) and something they have (a mobile device or authentication app). For tug and barge operators, this is especially important for protecting mission-critical systems — crew schedules, maintenance records, and operational reports that your business depends on.
All MobileOps accounts support 2FA, and we strongly encourage our customers to use it.
Single Sign-On (SSO)
For organizations managing users at scale, MobileOps supports Single Sign-On (SSO) integration. SSO means your team authenticates through your organization's trusted identity provider rather than managing a separate set of credentials for MobileOps. This reduces credential sprawl, centralizes access control, and makes onboarding and offboarding significantly safer.
Password Policies and Reset Intervals
We enforce documented password policies across the platform, including minimum complexity requirements and periodic reset intervals. Accounts that exceed the defined reset threshold are flagged and prompted to update. This is consistent with the USCG rule's access control requirements and NIST 800-171 guidance on password management.
Role-Based Access Control
MobileOps uses role-based access control (RBAC) so users only access the data relevant to their role. We highly discourage customers from creating shared accounts in favor of individual, auditable credentials per user — a requirement under the USCG final rule. Every action in the system is attributable to a specific user.
Session Timeouts and Login Lockouts
Inactive sessions are automatically terminated after a defined period. Repeated failed login attempts trigger automatic account lockout and cooldown period — consistent with USCG rule requirements for IT systems.
Data Security and Encryption
All data in MobileOps is encrypted in transit and sensitive data is encrypted. We follow industry-standard practices for protecting stored credentials and sensitive operational records, and we undergo regular security reviews to stay ahead of emerging threats.
Reliable Access in the Field
We understand that tug and barge crews often operate in remote locations with limited or intermittent connectivity. MobileOps is designed to keep critical operational data accessible and secure, regardless of where your crew is working. Ensuring that vital information is never delayed or exposed is built into how we architect the platform.
Incident Response and Transparency
We maintain documented incident response procedures. In the event of a security incident, we are committed to transparent, timely communication with our customers: what happened, what data was affected, and what's being done about it.
The Bigger Picture
The USCG's cybersecurity rule is a response to a real and growing threat. The maritime industry is increasingly a target and the consequences of a breach go beyond data loss. Software platforms like MobileOps sit at the intersection of your operational data and your regulatory obligations.
That means we have a responsibility to be part of the solution: building a platform that makes compliance easier, protecting your data with the same care you bring to protecting your crew, and earning the trust you place in us every day.
We'll keep investing in security — not because a regulation requires it, but because your operation depends on it.
Have questions about how MobileOps handles security or how our platform can support your cybersecurity compliance efforts? Contact us via support@mobileops.co
