GAO calls on Coast Guard to improve cyber for Maritime Transportation System

A team from the U.S. Coast Guard Academy participated in the National Security Agency’s 20th annual National Cyber Exercise (NCX), a three-day cyber competition that tests the offensive and defensive cybersecurity skills virtually, April 8-10, 2021.(U.S. Coast Guard photo by Petty Officer 2nd Class Hunter Medley)

WASHINGTON  — The Government Accountability Office released a report today calling for the US Coast Guard to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), the complex network of ports, waterways, ships and other vessels that are used to transport goods and passengers. 

The government watchdog found several gaps in the MTS’s cybersecurity practices in its study, which was conducted as a result of the 2023 National Defense Authorization Act. These include inconsistencies in cyber incident data, incompetencies in cyber professionals and a lack of a cohesive cybersecurity strategy to protect the MTS. 

“Owners and operators of maritime facilities and vessels (MTS owners and operators) collectively manage these goods and services via technology systems that are often interconnected with internal and external systems and networks, including the internet,” the report explained. 

“Although these technologies facilitate MTS operations, they are also vulnerable to cyberattacks with the potential to cause significant and catastrophic damage to maritime infrastructure. Consequently, the safe operation of the MTS is critical to our national and economic security.” 

The report emphasizes that the Coast Guard must fill the gaps as the MTS, which handles more than $5.4 trillion in goods and services annually, “faces significant and increasing cybersecurity risks” from China, Iran, North Korea and Russia and other “transnational criminal organizations.” Additionally, the increasing reliance on technology makes the MTS more susceptible to cyber threats. 

Related: US cyber vulnerabilities fuel N. Korea’s nuclear arsenal, but solutions are near: DARPA official

The GAO outlined five recommendations the Coast Guard should implement to ensure the MTS is resilient against cyber attacks:  

• Develop and implement procedures to ensure the accuracy of cybersecurity incident information; 
• Provide complete access to information on specific cybersecurity deficiencies identified during facility and vessel security inspections;
• Ensure its cybersecurity strategy and plans address the key characteristics of an effective and cohesive national strategy, which include a full inspection of cybersecurity risks to the MTS;
• Determine competency needs for cyber personnel and identify the gaps between current competencies and future needs; and
• Address the gaps between current and future competencies through training 

The Department of Homeland Security concurred with all five recommendations and provided the Coast Guard’s planned actions to address them. 

“Although the maritime critical infrastructure subsector is owned and operated by private industry and state and local governments, the federal government has a significant role in addressing cybersecurity risks facing the MTS,” the report reads.