A recent Government Accountability Office (GAO) report has revealed significant cybersecurity vulnerabilities within the U.S. Maritime Transportation System (MTS), emphasizing the need for stronger U.S. Coast Guard oversight and strategic planning. The MTS, a critical infrastructure subsector handling trillions of dollars in goods and services annually, faces increasing cyber threats from nations like China, Iran, North Korea, and Russia, as well as transnational criminal organizations.
The report underscores the growing reliance of maritime facilities and vessels on internal and external networks, including internet-connected technology, which unfortunately increases their susceptibility to cyberattacks. Officials have already reported cyber incidents impacting port operations, and the potential for future, more severe disruptions is a major concern.
While the Coast Guard plays a crucial role in providing guidance, technical assistance, and conducting inspections to mitigate these risks, the GAO report identified several key areas needing improvement. A significant challenge is the Coast Guard’s difficulty in accessing complete, cybersecurity-related inspection data due to limitations in its Marine Information for Safety and Law Enforcement system. This lack of readily available information hinders effective oversight of facility and vessel operators, and impedes proactive prevention of cyberattacks.
Furthermore, GAO found that the Coast Guard’s current cyber strategy, while addressing some aspects, falls short of the key characteristics of an effective national strategy. Specifically, it lacks a comprehensive risk assessment of the MTS. This deficiency makes it difficult to ensure that resources are being directed to the most critical vulnerabilities.
Another area of concern is the Coast Guard’s cyber workforce. The report highlights the absence of fully developed competency requirements and a comprehensive assessment of competency gaps within the cyber workforce. Without a clear understanding of the necessary skills and existing deficiencies, the Coast Guard cannot guarantee its personnel are adequately equipped to address the complex cybersecurity challenges facing the MTS.
To address these shortcomings, the GAO report issued five key recommendations, all of which were concurred with by the Department of Homeland Security:
- Improve Data Accuracy: Implement procedures to ensure the accuracy of cybersecurity incident information.
- Enhance Data Accessibility: Update the case management system to provide ready access to complete data on cybersecurity deficiencies identified during inspections.
- Strengthen Cyber Strategy: Ensure the cybersecurity strategy fully addresses all key characteristics of an effective national strategy, including a thorough MTS risk assessment.
- Develop Competency Requirements: Define future competency needs for all personnel with MTS cyber responsibilities, and analyze gaps between current and future needs.
- Address Competency Gaps: Utilize the gap analysis to address any deficiencies in competencies, potentially through targeted training programs.
By implementing these recommendations, the Coast Guard can significantly improve its ability to protect the MTS from evolving cyber threats, safeguarding this vital component of the U.S. economy and national security.
Read the full GAO report here.
