The U.S. Government Accountability Office (GAO) recently released a statement identifying “significant and increasing” cybersecurity risks to the Maritime Transportation System (MTS) and highlighting gaps in the U.S. Coast Guard’s oversight and strategic planning.
The GAO’s latest report outlines critical vulnerabilities and provides recommendations to enhance cybersecurity protections for maritime facilities and vessels.
The report underscores the increasing cyber threats posed by state-sponsored actors, transnational criminal organizations, and other malicious entities. According to the 2024 Annual Threat Assessment of the U.S. Intelligence Community, adversaries such as China, Iran, North Korea, and Russia remain the most significant cyber threats to the MTS. Additionally, hackers and insider threats present growing concerns, as the accessibility of commercial cyberattack tools has lowered the barrier for launching disruptive cyber incidents, the report said.
MTS facilities and vessels rely on interconnected networks and digital systems, making them vulnerable to cyberattacks that could disrupt port operations and cargo movement. The GAO cited previous cyber incidents that affected maritime operations and warned that future attacks could have severe consequences for national security and the economy.
The report highlighted the Coast Guard’s role in assisting and overseeing cybersecurity efforts within the MTS. It provides technical support, voluntary cybersecurity guidelines, and cyber threat intelligence to maritime operators. The agency also conducts facility and vessel inspections to identify cybersecurity deficiencies.
Just last month, the Coast Guard finalized new maritime security regulations to address evolving cybersecurity risks within MTS.
However, the GAO found that the Coast Guard lacks a streamlined method to access complete cybersecurity-related inspection data, limiting its ability to oversee and mitigate risks effectively.
The Coast Guard’s Marine Information for Safety and Law Enforcement (MISLE) system does not allow for efficient retrieval of cybersecurity deficiency data, GAO said. The GAO recommends that the Coast Guard update its system to provide better access to this information, improving oversight and responsiveness to cyber threats.
Although the Coast Guard has developed a cybersecurity strategy for the MTS, the GAO found that it does not fully align with key national strategy characteristics. GAO stated that by refining the Coast Guard’s cyber strategy to fully address these areas, the agency could better prioritize cybersecurity risks and allocate resources more effectively.
The report highlighted the Francis Scott Key Bridge allision with containership Dali in March 2024. Though that event was not the result of a cyberattack, GAO said its correspondence with Coast Guard officials and a nonfederal organization noted that a cyberattack on a large vessel of that size could lead to a similar result.
GAO also identified shortcomings in the Coast Guard’s cybersecurity workforce development, noting the service has not fully defined competency requirements or assessed workforce gaps. Without a comprehensive workforce strategy, the Coast Guard may struggle to recruit, train, and retain personnel capable of mitigating cyber threats to the MTS, GAO said.
GAO issued five recommendations to strengthen cybersecurity protections for the maritime sector, including MISLE upgrades that they estimate would improve access to cybersecurity deficiency data for better oversight, enhancing cyber strategy to align the Coast Guard’s cyber strategy with all key national strategy characteristics, assessing workforce competency gaps to better define cybersecurity competency requirements and address workforce deficiencies, allocating resources to ensure cybersecurity funding and staffing levels meet strategic goals, and improving coordination efforts intended to strengthen collaboration among federal agencies, industry stakeholders, and international partners.
GAO said the Department of Homeland Security (DHS) has concurred with these recommendations and is expected to take steps to implement them.
The GAO report highlighted MTS as a critical infrastructure sector, handling over $5.4 trillion in goods and services annually. Cyberattacks on maritime facilities and vessels could disrupt global supply chains, threaten national security, and cause significant economic losses. GAO said strengthening cybersecurity measures is essential to protecting maritime operations from evolving cyber threats.
The GAO report serves as a call to action for the Coast Guard and maritime stakeholders to address vulnerabilities and enhance cyber resilience across the MTS. As cyber threats continue to evolve, proactive measures will be crucial to safeguarding the integrity and efficiency of U.S. maritime operations.
