Maritime Port Security
The Maritime Transportation Security Act (MTSA) of 2002 established the framework for securing America's ports, waterways, and maritime transportation system against terrorism and other threats. Administered by the Coast Guard under the Department of Homeland Security, the program requires vulnerability assessments, security plans at the national, regional, and facility level, and a biometric identification credential (TWIC) for workers accessing secure port areas.
Current Law (2026)
| Parameter | Value |
|---|---|
| Lead agency | U.S. Coast Guard (DHS) |
| Security plans | National, Area, facility, and vessel levels |
| TWIC credential | Required for access to secure areas of MTSA-regulated facilities and vessels |
| Port security grants | Risk-based allocation to port authorities, facility operators, state/local agencies |
| Foreign port assessments | Coast Guard evaluates antiterrorism measures at foreign ports serving U.S. trade |
| Deployable forces | Specialized maritime security teams established by statute |
Legal Authority
- 46 U.S.C. § 70101 — Definitions (defines key terms including "transportation security incident," "Area Maritime Transportation Security Plan," and "cybersecurity risk")
- 46 U.S.C. § 70102 — United States facility and vessel vulnerability assessments (directs the Secretary to assess vessel types and facilities to identify high-risk targets for transportation security incidents)
- 46 U.S.C. § 70103 — Maritime transportation security plans (requires a National Maritime Transportation Security Plan and subordinate Area Maritime Transportation Security Plans for each Coast Guard Captain of the Port zone)
- 46 U.S.C. § 70104 — Transportation security incident response (establishes response plans for vessels and facilities involved in security incidents; integrates with FEMA response frameworks)
- 46 U.S.C. § 70105 — Transportation Worker Identification Credential (TWIC) (prescribes biometric identification requirements for individuals accessing secure areas of vessels and facilities)
- 46 U.S.C. § 70106 — Deployable, specialized forces (establishes maritime security teams to safeguard vessels, harbors, ports, facilities, and cargo)
- 46 U.S.C. § 70107 — Grants (creates a risk-based grant program for implementing Area Maritime Transportation Security Plans and facility security plans)
- 46 U.S.C. § 70108 — Foreign port assessment (requires Coast Guard assessment of antiterrorism effectiveness at foreign ports serving U.S.-documented vessels)
- 46 U.S.C. § 70109 — Notifying foreign authorities (directs notification to foreign governments when their ports are found to lack effective antiterrorism measures)
- 46 U.S.C. § 70110 — Actions for foreign ports and U.S. territories (authorizes conditions on entry to U.S. waters for vessels arriving from ports with inadequate security, up to and including denial of entry)
- 14 U.S.C. § 311 — Captains of the port (Commandant may appoint officers as port captains with broad authority over vessel movements, port operations, and safety/security in U.S. waters — the Coast Guard's primary port-level authority)
- 14 U.S.C. § 522 — Coast Guard law enforcement (boarding and inspection authority: Coast Guard may board and inspect any vessel on the high seas or in U.S. waters to prevent, detect, and stop violations of U.S. law without a warrant)
- 14 U.S.C. § 527 — Safety of vessels of the Armed Forces (Secretary may control vessel anchoring and movement in navigable waters to protect armed forces vessels; if Secretary has not acted, the senior Coast Guard officer present may take immediate action)
How It Works
Maritime port security operates through a layered system of assessments, plans, credentials, and enforcement. At the top level, the Coast Guard maintains a National Maritime Transportation Security Plan that sets standards and coordinates federal, state, local, and private-sector efforts. Below that, Area Maritime Transportation Security Plans cover each Captain of the Port zone — roughly corresponding to major port regions — tailoring security measures to local geography, traffic patterns, and threats.
Individual facilities (terminals, refineries, chemical plants adjacent to navigable waters) and vessels must develop and implement their own security plans, approved by the Coast Guard. These plans address access control, restricted areas, cargo handling security, surveillance, communications, and incident response procedures.
The broader legal framework for maritime commerce, including vessel documentation and maritime liens, operates alongside port security requirements. The Transportation Worker Identification Credential (TWIC) is the program's most visible feature for workers. Anyone needing unescorted access to secure areas of MTSA-regulated facilities or vessels must hold a valid TWIC — a biometric (fingerprint-based) credential issued by TSA after a security threat assessment including criminal history, immigration status, and terrorism database checks. The credential requirement affects hundreds of thousands of port workers, truck drivers, merchant mariners, and longshoremen.
The Coast Guard also conducts vulnerability assessments of U.S. facilities and vessel types to identify high-risk targets. These assessments inform both security plan requirements and the allocation of port security grants, which flow to port authorities, facility operators, and state and local agencies on a risk-based formula.
Port security also intersects with Customs and Border Protection screening of cargo and admiralty law governing vessel operations. Internationally, the Coast Guard assesses antiterrorism measures at foreign ports that serve vessels trading with the United States. When a foreign port is found deficient, the U.S. notifies the foreign government and recommends improvements. If deficiencies persist, the Secretary can impose conditions on vessels arriving from that port — including denying entry to U.S. waters entirely.
The statute also establishes deployable specialized forces — maritime security teams that can be surged to ports facing elevated threats. These forces supplement the Coast Guard's standing presence with additional capabilities for high-risk situations.
How It Affects You
If you work at a port, terminal, marine facility, or need unescorted access to a secure waterfront area, you need a Transportation Worker Identification Credential (TWIC) — the biometric ID card that proves TSA has conducted a security threat assessment on you. The TWIC application process: apply at a TSA enrollment center (tsa.gov/for-industry/twic), submit fingerprints, pay the $125.25 enrollment fee (reduced to $99.75 if you already hold a HazMat endorsement), and wait approximately 7–9 weeks for processing. TSA conducts a criminal history, immigration status, and terrorism database check. Permanent disqualifying offenses — including espionage, treason, and certain violent crimes — result in automatic denial. Interim disqualifying offenses (felony drug convictions within 7 years, certain felonies within 7 years) can also result in denial but may be waived. The TWIC card is valid for 5 years and must be renewed before expiration; you cannot continue working in secure areas with an expired TWIC. If you're denied a TWIC, you have the right to appeal and to seek a waiver for certain offenses — the TSA appeals process is described at tsa.gov/for-industry/twic-waiver-process. If you work at a facility that uses electronic TWIC readers, your card is verified biometrically; some facilities still conduct visual inspections, which provide less security assurance.
If you're a vessel operator, shipping company, or maritime carrier operating at U.S. ports, your MTSA compliance obligations fall into two tracks: the vessel and its crew. Every MTSA-regulated vessel must have a Vessel Security Plan (VSP) approved by the Coast Guard — a living document covering access control, restricted areas, cargo security, surveillance, communications, drills, and incident response. Your designated Vessel Security Officer (VSO) is responsible for implementing and maintaining the plan. The Coast Guard assesses MARSEC (Maritime Security Condition) levels — MARSEC 1 (baseline), MARSEC 2 (heightened), MARSEC 3 (imminent threat) — and facilities and vessels must escalate their security measures accordingly. Drills are required at minimum intervals: crew security drills at least every 3 months, full-scale exercises annually. Coast Guard Port State Control (PSC) officers board foreign-flagged vessels calling at U.S. ports and inspect for MTSA compliance — deficiencies can result in a vessel being detained until corrected. The cybersecurity requirements in Vessel Security Plans are actively expanding following the Coast Guard's 2024–2026 rulemaking; cyber incident reporting and network segmentation requirements are moving toward mandatory standards for commercial vessels.
If you manage or operate a waterfront facility — a marine terminal, bulk liquid terminal, cruise ship pier, ferry terminal, or other MTSA-regulated facility — your Facility Security Plan (FSP) is your central compliance document. The FSP must address access control (identifying who may enter secure areas and how), restricted zones, cargo handling security, personnel identification, surveillance systems, communications, drills, and recordkeeping. The Coast Guard's Captain of the Port (COTP) approves your FSP and verifies compliance through periodic inspections. MARSEC level escalations require you to implement pre-planned additional security measures on short notice — your FSP should include specific measures for each MARSEC level. Civil penalties for MTSA violations can reach $25,000 per day per violation. The Port Security Grant Program (fema.gov/port-security-grant-program) provides risk-based federal funding to help facilities implement security improvements — port authorities and facility operators in high-risk areas should check their eligibility annually. The Chinese crane cybersecurity issue identified in 2024 is increasingly relevant for terminal operators with ZPMC-manufactured ship-to-shore cranes — coordinate with your IT security team and the Coast Guard's cyber team on risk mitigation.
If you're an importer, cargo owner, or trade logistics professional, MTSA's foreign port assessment authority directly affects your supply chain. When the Coast Guard finds that a foreign port lacks adequate antiterrorism measures, vessels arriving from that port face additional inspections, delays, or — in extreme cases — denial of entry to U.S. ports. Importers can reduce these risks and accelerate cargo processing by joining C-TPAT (Customs-Trade Partnership Against Terrorism, administered by CBP at cbp.gov/trade/trusted-trader-programs/ctpat) — a voluntary program where importers commit to specific supply chain security standards in exchange for expedited processing, reduced exam rates, and front-of-line positioning. C-TPAT Tier 3 certified importers receive the highest level of trusted trader benefits. Even with C-TPAT certification, only a fraction of inbound containers receive physical examination — the screening system relies heavily on CBP's National Targeting Center pre-arrival risk scoring, which assesses manifests, carrier history, and shipper profiles. If a container is flagged for examination, you can expect 3–5 day delays at minimum; a full physical exam (devanning) can take longer and creates re-stuffing costs.
State Variations
Maritime port security is exclusively federal law administered by the Coast Guard. However, state and local agencies play significant roles:
- State and local law enforcement often participate in Area Maritime Security Committees
- Port authorities (state or local entities) implement facility security plans and receive federal grant funding
- Some states have additional port security requirements beyond the federal baseline
- State and local first responders integrate with federal incident response plans
Implementing Regulations
- 33 CFR Part 101 — Maritime security general (MARSEC directives, TWIC requirement, electronic TWIC inspection, Risk Group A requirements)
- 33 CFR Part 103 — Area Maritime Security (FMSC designation, AMS Committee composition/responsibilities, AMS Assessment elements)
Pending Legislation
- HR 6507 — Standardize DHS grant deadlines, 30-day application windows, 54-month spending periods for port security grants. Status: In committee.
- S 1541 (Sen. Kelly, D-AZ) — Boost U.S. shipbuilding with $20B Maritime Security Trust Fund, workforce upgrades, cargo-preference rules. Status: Introduced.
- HR 2510 (Rep. Garbarino, R-NY) — Create U.S.-Israel-Greece-Cyprus counterterrorism and maritime security training program. Status: Introduced.
Recent Developments
- Chinese-manufactured port cranes designated a national security threat: The Biden administration identified ship-to-shore cranes manufactured by ZPMC (Zhenhua Port Machinery Company, a subsidiary of Chinese state-owned COSCO Shipping) as a potential espionage and sabotage risk. Approximately 80% of large ship-to-shore cranes at major U.S. ports are ZPMC-manufactured; Coast Guard and CISA investigations found that crane control systems contained communications equipment capable of transmitting operational data. Trump Executive Order 13873 (2019) and subsequent directives required federal agencies to review and mitigate risks from Chinese-manufactured port infrastructure. The Port Infrastructure Development Program now prioritizes domestic or allied-nation crane sourcing for new acquisitions. ZPMC cranes already installed present a longer-term remediation challenge — replacing them involves multi-billion-dollar capital costs.
- Coast Guard maritime cybersecurity authority expanded and exercised: The Maritime Transportation Security Act, as amended, now explicitly includes cybersecurity requirements in Facility Security Plans and Vessel Security Plans. The Coast Guard issued a cybersecurity marine safety information bulletin (MSIB) series and began incorporating cyber assessments into facility security inspections. A Coast Guard rulemaking to formalize cybersecurity requirements for Outer Continental Shelf facilities, vessels, and MTSA-regulated facilities is in progress as of 2026 — proposing standardized incident reporting, network segmentation requirements, and crew cybersecurity training for commercial vessels.
- Francis Scott Key Bridge collapse (March 2024) tested port security and continuity protocols: The collapse of Baltimore's Francis Scott Key Bridge after a container ship allision closed the Port of Baltimore for weeks and blocked the Patapsco River channel. The incident tested the inter-agency coordination structure under MTSA — Coast Guard, MARAD, Army Corps of Engineers, FEMA, and state emergency management all engaged simultaneously. The port closure demonstrated the economic cascading effects when a major port is taken offline: approximately $100 million/day in cargo throughput disruption at peak. The incident renewed attention to bridge vulnerability assessments for bridges over navigable waterways, which the Coast Guard and Army Corps assess but cannot directly protect.
- Container cargo inspection rates remain low despite screening advances: CBP's National Targeting Center pre-screens all manifest data for inbound containers, but physical examination rates for sea containers remain under 5% nationally. The Container Security Initiative inspects cargo at foreign ports before loading at origin; the Customs-Trade Partnership Against Terrorism (C-TPAT) certifies trusted importers for expedited processing. Despite technology advances in non-intrusive inspection (NII) equipment, the volume of container traffic (approximately 50 million TEUs per year) means that comprehensive physical inspection is operationally impossible. A radiological or chemical weapon concealed in a container remains one of the highest-consequence, lower-probability threat scenarios MTSA security frameworks are designed to detect.