GAO Report Warns of Cybersecurity Gaps in U.S. Maritime System

On February 11, 2025, the U.S. Government Accountability Office (GAO) released a report stating that the U.S. Coast Guard needs to take additional measures to address cybersecurity risks in the Maritime Transportation System (MTS).

The report identifies China, Iran, North Korea, Russia, and transnational criminal organizations as the primary cyber threats to the MTS. It also notes that MTS facilities and vessels are increasingly reliant on technologies vulnerable to cyberattacks. According to federal officials and industry representatives, cyber incidents have already disrupted port operations, and future incidents could have severe consequences.

The GAO outlines the Coast Guard’s ongoing efforts to support MTS owners and operators, including providing direct technical assistance, issuing voluntary cybersecurity guidelines, and sharing cyber threat intelligence. Additionally, the Coast Guard conducts facility and vessel inspections to identify and document cybersecurity deficiencies. However, the report highlights a significant issue: the Coast Guard’s current record-keeping system, the Marine Information for Safety and Law Enforcement (MISLE), does not provide easy access to comprehensive cybersecurity inspection data. GAO recommends updating this system to enhance oversight and prevent cyber threats more effectively.

The report also critiques the Coast Guard’s cybersecurity strategy, stating that while it includes objectives, scope, and methodology, it lacks key elements essential for an effective national strategy. Specifically, GAO notes deficiencies in problem definition and risk assessment, performance measures, resource allocation, and coordination roles. Addressing these gaps would ensure that the Coast Guard’s actions and resources target the most pressing cybersecurity risks.

Additionally, GAO points out that the Coast Guard has not fully implemented leadership practices to ensure its cybersecurity workforce has the necessary competencies to manage MTS cyber risks. The report states that the Coast Guard has not fully developed competency requirements or assessed skill gaps within its cyber workforce. Addressing these shortcomings would enhance the Coast Guard’s ability to mitigate cyber threats to the MTS.

GAO’s Five Key Recommendations:

1. Establish Documented Procedures for Cybersecurity Incidents: The Coast Guard should develop and implement procedures to ensure the accuracy of identified and monitored cybersecurity incidents.

2. Improve Case Management Systems: The system used for facility and vessel security inspections should provide easy access to detailed data on cybersecurity deficiencies.

3. Strengthen Cybersecurity Strategy: The Coast Guard should enhance its cybersecurity strategy to include a comprehensive risk assessment and align with national security principles.

4. Assess Future Workforce Competency Needs: The Coast Guard should identify the competencies required for personnel responsible for mitigating MTS cyber risks and analyze gaps between current and future needs.

5. Address Skill Gaps Through Training: Based on the competency gap analysis, the Coast Guard should take actions, such as training programs, to enhance its workforce’s cybersecurity capabilities.

The Department of Homeland Security (DHS) agreed with GAO’s recommendations, and the Coast Guard has outlined planned actions to address them.

Loading...

Taking too long?

Reload document

| Open in new tab