The U.S. Government Accountability Office (GAO) recently released a statement identifying “significant and increasing” cybersecurity risks to the Maritime Transportation System (MTS) and highlighting gaps in the U.S. Coast Guard’s oversight and strategic planning.
The GAO’s latest report outlines critical vulnerabilities and provides recommendations to enhance cybersecurity protections for maritime facilities and vessels.
The report underscores the increasing cyber threats posed by state-sponsored actors, transnational criminal organizations, and other malicious entities. According to the 2024 Annual Threat Assessment of the U.S. Intelligence Community, adversaries such as China, Iran, North Korea, and Russia remain the most significant cyber threats to the MTS. Additionally, hackers and insider threats present growing concerns, as the accessibility of commercial cyberattack tools has lowered the barrier for launching disruptive cyber incidents, the report said.
MTS facilities and vessels rely on interconnected networks and digital systems, making them vulnerable to cyberattacks that could disrupt port operations and cargo movement. The GAO cited previous cyber incidents that affected maritime operations and warned that future attacks could have severe consequences for national security and the economy.
The report highlighted the Coast Guard’s role in assisting and overseeing cybersecurity efforts within the MTS. It provides technical support, voluntary cybersecurity guidelines, and cyber threat intelligence to maritime operators. The agency also conducts facility and vessel inspections to identify cybersecurity deficiencies.
Just last month, the Coast Guard finalized new maritime security regulations to address evolving cybersecurity risks within MTS.
However, the GAO found that the Coast Guard lacks a streamlined method to access complete cybersecurity-related inspection data, limiting its ability to oversee and mitigate risks effectively.
The Coast Guard’s Marine Information for Safety and Law Enforcement (MISLE) system does not allow for efficient retrieval of cybersecurity deficiency data, GAO said. The GAO recommends that the Coast Guard update its system to provide better access to this information, improving oversight and responsiveness to cyber threats.
Although the Coast Guard has developed a cybersecurity strategy for the MTS, the GAO found that it does not fully align with key national strategy characteristics. GAO stated that by refining the Coast Guard’s cyber strategy to fully address these areas, the agency could better prioritize cybersecurity risks and allocate resources more effectively.