A new report from the Department of Homeland Security (DHS) Office of Inspector General (OIG) says that the United States Coast Guard needs to do more to improve the cybersecurity of the Marine Transportation System (MTS) in order to better protect the U.S. supply chain.
The Coast Guard plays a key role in securing the MTS, which the OIG said facilitates the transport of almost $5.4 trillion in commerce – representing about 25 percent of the U.S. gross domestic product.
While the Coast Guard – which is a DHS component agency – has taken some steps to better secure the MTS, the OIG said the Coast Guard “faces challenges fully implementing cybersecurity readiness efforts.”
For instance, in 2021, the Coast Guard established cybersecurity teams that could help industry partners and stakeholders prevent malicious cyberspace activity. However, the OIG said that “private industry stakeholders have not fully adopted these services.”
“Stakeholders in only 36 percent of Coast Guard’s sectors requested and received these services,” the report says. “Coast Guard faced these challenges because industry stakeholders are hesitant to use the cybersecurity services offered.”
The OIG also said that while the Coast Guard often conducts assessments of vessels, these do not always include a cybersecurity check-up. “This occurred because Coast Guard does not have the authority or training to enforce private industry compliance with standard cybersecurity practices,” the report states.
This means that the Coast Guard could identify a vulnerability in a vessel, but it can’t mandate how the vessel resolves the issue – as it could with a physical safety violation, for example.
Additionally, the report found that the Coast Guard is not “adequately staffed” to have cybersecurity expertise for industry stakeholders or for facility and vessel inspections.
“Overcoming these challenges will better enable Coast Guard to protect the MTS, which remains vulnerable to the exploitation, misuse, or failure of cyber systems. This continued cyber vulnerability may lead to injury or death, harm the marine environment, or disrupt vital trade activity,” the OIG warns.
The DHS OIG offered four recommendations to address each of these issues and ultimately improve the Coast Guard’s cyber readiness. The Coast Guard agreed with all four of the recommendations.
