(WASHINGTON) — U.S. Coast Guard Cyber Command has released its fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report. The Coast Guard continues its commitment to securing critical systems in the Marine Transportation System (MTS) by collaborating with the maritime industry to share best practices and provide insights into evolving cyber risks.
In the modern MTS, the interconnectedness of operational technology and information technology increases the risk of cyberattacks. CTIME expands on these recent findings derived from engagements with MTS partners throughout 2024, conducted by Coast Guard Cyber Protection Teams (CPTs) and the Maritime Cyber Readiness Branch.
“The adoption of new technologies continues to drive operational efficiencies while also creating new vulnerabilities and attack vectors. CGCYBER is committed to partnering with industry to address this evolving threat landscape and protect the Marine Transportation System in cyberspace,” said Rear Adm. Jason Tama, commander, U.S. Coast Guard Cyber Command.
Four key takeaways from the report include:
• Supply chain risks and other observed vulnerabilities exist within ship-to-shore cranes manufactured in China. While every crane configuration and employment method varies, the Coast Guard has identified several best practices that should be applied to mitigate some of the most common vulnerabilities.
• Improved connectivity and the proliferation of networked technology create new cyber risks for vessels. With improvements in satellite networks and more networked technology, vessels are more integrated with their company’s enterprise networks than ever before. While there are significant operational benefits, this creates cybersecurity risks that did not exist before. Cyberattacks impacting a company’s enterprise network are now far more likely to impact shipboard
information technology (IT) systems and potentially impact vessel operations.
• There was an uptick in cyberincidents and CPT missions involving cloud systems and services. Cloud services are now utilized by a majority of organizations in the MTS; however, there continues to be a misunderstanding of security responsibilities. A misconception that the cloud service provider owns all the security responsibilities persists, but companies using cloud computing still retain (at least) partial responsibility for security of their systems and data.
• Similar cybersecurity vulnerabilities were observed in previous CTIME reports, however the baseline cybersecurity posture has been improved across the Marine Transportation System. Widespread adoption of multi-factor authentication and technical improvements against phishing have helped drive this change, but there is still much more work to do. Effective cybersecurity requires vigilance and continuous improvement.
The full report contains insights and recommendations valuable for all Coast Guard units and organizations ranging from large, cyber-mature organizations to small businesses looking to build out their own cybersecurity programs.
– Coast Guard Maritime Commons
