Coast Guard Cyber teams made history last year, helping interdict Dark Fleet vessels and engaging with AI cyber platforms for the first time ever.
But even as our cybersecurity specialists tackled advanced global missions, they found the biggest threats to ports and waterways here at home were often as basic as a phishing email.
Those are the primary takeaways from the newly released 2025 Cyber Trends and Insights in the Marine Environment (CTIME) report. The fifth edition of the annual report once again summarizes the work of CG Cyber Command throughout the Marine Transportation System (MTS) over the past year, identifying threats and offering recommendations on how operators and our other partners in the maritime community can protect their vital systems.
“The collaborative work between our exceptional workforce and our partners in the public and private sectors is the true foundation of our ability to secure our ports and waterways against any threat,” said Rear Admiral Jason Tama, Commander, U.S. Coast Guard Cyber Command.
Expanding our reach
Working alongside the Department of War (DoW) and Coast Guard tactical law enforcement teams, CGCYBER established cyber positive control, meaning we took command over the relevant digital systems of the seized tankers and ensured there were no cyber threats that could compromise their operational safety.
These rogue ships try to hide using spoofed tracking signals and pirated navigation software to evade international law. Ironically, the very tools they use to operate in the shadows leave their own systems highly vulnerable to cyber threats. Securing such systems prevents these potentially unseaworthy vessels from threatening the safety of the U.S. law enforcement teams onboard and overall global maritime security.
AI is not a magic bullet
We are also testing boundaries with Artificial Intelligence. In 2025, Cyber Protection Teams (CPTs) conducted seven missions against networks defended by AI cyber platforms.
Our conclusion? You can’t simply buy an AI tool, plug it in, and assume your security is handled. When properly configured, one AI platform spotted our team’s simulated attack in just 30 seconds. But when these tools were set up poorly, they saw nothing at all. Investing in AI means operators still must put in the work to configure, tune, and monitor any defenses.
Securing Operational Technology (OT)
As the maritime industry continues to modernize, more organizations understand the importance of securing their operational systems. Last year saw a massive 35% increase in demand for CGCYBER Operational Technology (OT) testing services. This highlights a growing recognition that we must aggressively protect the critical networks that keep operational systems running and our ports open.
Old threats still work
Despite the rise of AI and advanced hacking techniques, intruders are still getting in the old-fashioned way. In their missions last year, CPTs were able to successfully hack into an operator’s system 53 percent of the time with a simple phishing attack. So basic human error remains our biggest blind spot.
In one real-world case highlighted in the report, a scammer impersonated a maritime company’s CEO via email and stole nearly $50,000 using a fake invoice.
Other trends and insights from 2025
- 97% of organizations reported an AI-related security incident.
- Across all missions, CPTs cracked 4,605 passwords, among which 28 were privileged or service accounts.
- 273 Known Exploitable Vulnerabilities (KEV) were detected
Charting the next course
The MTS is becoming increasingly interconnected. This means a single compromise, especially in the Terminal Operating Systems (TOS) that run port operations, could potentially cripple an entire corporation.
To combat this, we must go back to the basics. First, we need to harden our systems: restricting public-facing login portals and properly segmenting networks will drastically reduce our attack surface. Second, we must build resilience into our critical business processes. This ensures that even if a cyber incident does occur, operations can keep running without interruption.
Looking toward the future, we have a dual mandate: to embrace cutting-edge technology to hunt down complex threats, while mastering the cybersecurity basics to protect our own house.
For an in-depth look at the data and recommendations, you can read the full report here.
This article by Kathy Murray was originally published on MyCG.
