The Government Accountability Office (GAO) recommended this week that the U.S. Coast Guard update its oversight standards and cybersecurity protections for vessels and facilities within maritime transportation system (MTS) which include waterways, ports, and land connections.
The GAO report released on Feb. 11 found that MTS already face significant cybersecurity risks including from threat actors and technology vulnerabilities, along with cybersecurity incidents which have already impacted port operations.
While the Coast Guard has measures in place to address these threats, GAO found that the Coast Guard remains unable to access complete inspection results about MTS cybersecurity.
“Updating its system to provide ready access to complete information on all cybersecurity-related deficiencies would help the Coast Guard better provide oversight of owners and operators and help position the service to prevent cyberattacks that could impact the MTS,” the report reads.
The GAO report also finds the Coast Guard’s current cybersecurity strategy does not address key characteristics for an “effective national strategy.”
The report says that the current cyber strategy only “partially addresses” four key components of national strategy on cybersecurity including: problem definition and risk management, goals, subordinate objectives, activities, and performance measures, resources and investments, and roles, responsibilities, and coordination.
The report also found several gaps in competency requirements, assessments, and training related to cybersecurity awareness.
Based on those findings, GAO offered five recommendations to the Coast Guard and said it plans to monitor the implementation of their recommendations.
The recommendations include that the Coast Guard develop procedures to ensure accuracy of cybersecurity incident reports and update its record system to provide more complete access to cyber deficiency data.
“Implementing procedures to identify and track accurate cybersecurity incident information would help strengthen the Coast Guard’s ability to prevent or mitigate disruptions that could jeopardize billions in critical commerce,” the report reads.
GAO also recommended the Coast Guard ensure that its cyber strategy plans align with the characteristics of a national strategy listed in its findings, and for the Coast Guard to analyze, assess and address workforce competency gaps.
“Developing competency requirements for all its personnel with MTS cyber responsibilities and addressing any identified gaps could improve Coast Guard’s efforts to effectively manage cyber risks to the MTS,” the report reads.
The Department of Homeland Security (DHS) concurred with all of GAO’s recommendations.
