The 2023 Cyber Trends and Insights in the Marine Environment (CTIME) report by Coast Guard Cyber highlights an alarming rise in cyber threats to the U.S. Marine Transportation System (MTS). The report notes that cyberattacks have become more sophisticated, with nation-state actors increasingly targeting the infrastructure that supports U.S. vessels, shipyards, waterways, and port facilities. Particularly concerning were actions by the China-sponsored hacking group Volt Typhoon, which have prompted enhanced cybersecurity measures by the U.S. Coast Guard.
In response to the escalating threats, the Coast Guard has been granted increased authority to protect the MTS from cyber attacks, following a February Cyber Executive Order. This has led to new regulatory developments, enabling the Coast Guard to mandate cybersecurity measures for vessels and waterfront facilities. Moreover, Captains of the Port now have the authority to prevent potentially compromised vessels from entering harbors, significantly strengthening security protocols at these critical entry points.
Ransomware attacks specifically have surged by 80% in 2023, targeting sectors such as maritime shipping companies, logistics providers, and the petrochemical industry. These attacks typically involve encrypting systems to lock users out, followed by demands for ransom to release the decryption key. The report also points out persistent basic cybersecurity deficiencies among maritime entities, such as inadequate software patching, limited network access controls, and the lack of multi-factor authentication—all of which contribute to the vulnerability of the industry.
The Coast Guard’s Cyber Protection Teams (CPTs) and the Maritime Cyber Readiness Branch (MCRB) have been proactive in addressing these threats. Throughout 2023, they conducted operations and technical exchanges with industry partners, hunting for vulnerabilities and assessing system security. However, despite these efforts, many incidents may go unreported due to fears of negative publicity. Looking ahead, the Coast Guard is set to train its Marine Science Technicians (MSTs) as the first line of defense against future cyber threats, indicating a strategic shift towards enhanced cyber resilience in the maritime sector.
