MTS CYBER Act of 2026
- Bill Number
- H.R. 7625
- Origin Chamber
- House
- Congress
- 119th Congress, Session 2
- Policy Area
- Transportation and Public Works
- Status
- Introduced
- Latest Action
- 2026-02-23: Referred to the Subcommittee on Transportation and Maritime Security.
- Last Updated
- 2026-07-10T08:05:37Z
AI-Generated Summary
Purpose
The legislation, titled the Marine Transportation System Cybersecurity Budget and Evaluation Report Act of 2026 (or MTS CYBER Act of 2026), aims to address growing cyber threats to the U.S. marine transportation system (MTS)—which includes ports, waterways, vessels, and related infrastructure vital for trade and economic stability. It directs an independent review by the Government Accountability Office (GAO, led by the Comptroller General) to evaluate whether the U.S. Coast Guard has sufficient budget, staff, and tools to fulfill its role as a co-Sector Risk Management Agency (SRMA) for protecting the MTS from cyber risks. SRMAs are federal agencies responsible for coordinating risk management in specific infrastructure sectors, as defined under the Homeland Security Act of 2002.
Key Provisions
- Congressional Findings: The bill outlines background facts, including:
- The MTS supports over $2.1 trillion in U.S. economic activity (41.5% of global trade value).
- Rising cyber threats pose risks to national security and the economy.
- The Departments of Homeland Security (DHS) and Transportation (DOT) are co-SRMAs for the MTS, with delegated duties to the Coast Guard and Transportation Security Administration (TSA).
- Recent expansions of Coast Guard authority via Executive Order 14116 (2024) and a new cybersecurity rule require mandatory reporting of cyber incidents by regulated entities (e.g., ports and ships).
- Despite $20 billion in port infrastructure funding, there is no specific allocation for cybersecurity, leaving the Coast Guard underfunded and understaffed for these duties.
- GAO Review Requirement (Section 3):
- The Comptroller General must complete a review within 270 days of enactment.
- The review assesses:
- Whether Coast Guard funding is adequate for SRMA responsibilities, including cybersecurity personnel, training, and enforcement, based on laws like the National Defense Authorization Act for Fiscal Year 2021 and Presidential Policy Directive 21 (which outlines critical infrastructure protection).
- The Coast Guard's ability to check compliance with cybersecurity rules among regulated entities (e.g., verifying if ports and vessels meet reporting and security standards).
- The quality of guidance provided to industry on complying with cyber regulations, compared to federal standards and best practices in maritime cybersecurity.
- Reporting: The GAO must submit findings and recommendations to key congressional committees in the Senate (Commerce, Science, and Transportation; Appropriations; Homeland Security and Governmental Affairs) and House (Transportation and Infrastructure; Appropriations; Homeland Security).
- Definitions (Section 4): Clarifies terms like "marine transportation system" (navigable waters, ports, vessels, etc., for goods and people movement) and "SRMA" (as defined in federal law).
Significant Changes to Existing Law
This bill does not directly amend or repeal existing laws but introduces a new mandate for a one-time GAO audit focused on cybersecurity resourcing. It builds on prior authorities (e.g., the 2021 NDAA and 2024 Executive Order) by requiring evaluation of their implementation, potentially highlighting gaps that could prompt future legislative fixes, such as increased funding or staffing requirements for the Coast Guard.
Potential Impacts
- Government Agencies: The Coast Guard (under DHS) may face increased scrutiny of its budget and operations, possibly leading to recommendations for more funding or personnel to handle cyber oversight. DHS and DOT could see indirect effects through better coordination as co-SRMAs. Congress may use the report to adjust future budgets, addressing noted underfunding.
- Citizens and Economy: Enhanced Coast Guard capabilities could improve protection of the MTS, reducing risks of cyber disruptions to trade, supply chains, and jobs (the MTS supports billions in economic activity). Citizens relying on affordable goods transported by sea might benefit from fewer disruptions.
- International Relations: As the MTS handles global trade, stronger U.S. cybersecurity could bolster alliances with trading partners (e.g., via shared standards) and deter foreign cyber threats, but it might increase regulatory burdens on international shipping firms operating in U.S. waters.
Main Stakeholders Affected
- U.S. Coast Guard: Primary focus, as the review evaluates its readiness and resources for MTS cybersecurity.
- Maritime Industry: Ports, shipping companies, terminals, and vessel operators, who must comply with new cyber rules and receive guidance; they could gain from clearer standards but face potential enforcement.
- Federal Agencies: DHS, DOT, TSA (for coordination and implementation).
- Congressional Committees: Those receiving the report, influencing oversight and funding decisions.
- Broader Economy: Businesses and consumers dependent on MTS for trade, including importers/exporters and logistics firms.
Notable Legal, Constitutional, or Political Implications
- Legal: Reinforces existing frameworks like PPD-21 and the Homeland Security Act by mandating accountability for delegated SRMA duties, without creating new enforcement powers. The GAO's independence ensures an objective, non-partisan assessment, potentially leading to enforceable recommendations via future appropriations.
- Constitutional: Aligns with Congress's power of the purse (Article I) to oversee executive branch spending and national security, promoting checks and balances on agency resourcing for critical infrastructure.
- Political: Highlights bipartisan concerns over underfunding amid rising cyber threats, potentially pressuring the executive branch (e.g., Biden administration initiatives) for targeted cybersecurity investments. It avoids partisan blame but underscores the need for sustained funding in infrastructure agendas, which could influence election-year debates on economic and security priorities.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. McDowell, Addison P. [R-NC-6]
Cosponsors (2)
Rep. Begich, Nicholas J. [R-AK-At Large], Rep. Garamendi, John [D-CA-8]
Recent Actions
- 2026-02-23: Referred to the Subcommittee on Transportation and Maritime Security.
- 2026-02-21: Referred to the Subcommittee on Coast Guard and Maritime Transportation.
- 2026-02-20: Referred to the Committee on Transportation and Infrastructure, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2026-02-20: Referred to the Committee on Transportation and Infrastructure, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2026-02-20: Introduced in House
- 2026-02-20: Introduced in House
Bill Versions
- Marine Transportation System Cybersecurity Budget and Evaluation Report Act of 2026 — issued 2026-02-20 — PDF (5 pages)