Which agency primarily manages vessel cybersecurity policy?

The agency that primarily manages vessel cybersecurity policy is CGCYBER. This division of the Coast Guard is specifically focused on cybersecurity and serves to oversee and enhance the cybersecurity posture of the marine transportation system, including vessels. CGCYBER is responsible for developing policies, guidance, and directives related to the protection of information technology and operational technology connected to maritime systems, thereby ensuring the resilience and security of maritime operations against cybersecurity threats.

The other agencies mentioned, while they may have important roles in maritime safety and security, do not have the same primary focus on cybersecurity. CG-CVC is concerned with commercial vessel safety and compliance, CG-FAC deals with facilities, and MTSS-C focuses on port security and related concerns. None of these agencies possess the primary responsibility or expertise dedicated specifically to vessel cybersecurity policy as CGCYBER does, highlighting the specialized role of CGCYBER within the broader framework of maritime safety and security.