Cyber threats to the Marine Transportation System (MTS) continued to surge last year, as more sophisticated perpetrators tried new ways to disrupt systems in U.S. vessels, shipyards, waterways, and port facilities, according to a newly released report from Coast Guard Cyber.
The 2023 Cyber Trends and Insights in the Marine Environment (CTIME) report noted an uptick in nation-state actors targeting critical U.S. infrastructure, including the MTS. In fact, incursions by China-sponsored Volt Typhoon, a group seeking to hack into U.S. infrastructure systems using network-facing devices, were part of what prompted a February Cyber Executive Order bolstering the Coast Guard’s authority to protect the MTS from cyber attacks.
For that reason, this year’s CTIME report is worth a look, and not just if you’re an operator, or industry partner in the MTS. Any Coast Guard unit or member who travels through the MTS or calls in at a U.S. port can benefit from being aware of cyber risks. In addition, the service is currently developing regulations that will allow the Coast Guard to require vessels and waterfront facilities to mitigate cyber incidents that could cause harm, and Captains of the Port can now prevent a suspect vessel from entering a harbor. (To learn more about how the recent executive order could change day-to-day work or careers for members check out MyCG’s Ask Me Anything on April 17.)
“As stewards of maritime trade, it is our collective responsibility to safeguard our ports and maritime infrastructure,” said Rear Adm. John C. Vann, commander Coast Guard Cyber.
“The consequences of a cyber attack on the port infrastructure extend far beyond financial losses. Disruptions to the supply chain can have cascading effects on global economies, impacting industries and livelihoods.”
Trends and Insights from 2023
- Ransomware attacks increased 80% in 2023. These attacks encrypt systems with the goal of locking users out of systems, then extorting the victim and demanding ransom for a decryption key. Perpetrators are becoming more sophisticated and requested ransoms have tripled.
- Maritime shipping companies, logistics and technology service providers; liquid natural gas processors (LNGP)and distributors; and petrochemical companies are common targets. It’s not difficult to imagine what could happen if a bad actor was able to alter mixtures, discharge, stop discharge, or even ignite these chemicals.
- Very basic cyber deficiencies persist. Patching and updating software, limiting network access, and implementing multi-factor authentication are foundational cybersecurity measures and would go a long way towards safeguarding systems.
- Network-connected operating technology (OT) in port facilities and shore-side are being targeted. These systems are particularly vulnerable to attack as they often rely on outdated software and network protocols, and insufficient access controls.
How CGCYBER operates
The CTIME report was developed by the Coast Guard’s Cyber Protection Teams (CPTs) and Maritime Cyber Readiness Branch (MCRB) based on operations, technical exchanges, and industry engagements in 2023.
The Coast Guard now has three Active Duty CPTs and one Reserve CPT. These teams work with partners and operators in the MTS, doing assessments, emulating threats, and using known attack techniques to evaluate system security. In 2023, CPTs were sent to hunt for nation-state bad actors. They were also deployed to help find vulnerabilities and better secure OT systems.
Not so fun fact: In two thirds of the MTS partner companies they tested last year, CPTs were able to access credentials through phishing emails.
CGCYBER’s MCRB and local Coast Guard units investigate cyber incidents and provide risk assessments. Each Area, District, and Sector Commander has a Marine Transportation Systems Specialist – Cyber (MTSS-C) to advise their command on cyber risks in the marine environment.
Worth knowing: In 2023, the MCRB investigated 46 cybersecurity incident reports (including phishing, ransomware attacks, and other cyber incidents). While the number of incidents decreased from 2022, the MCRB believes many incidents go undetected because companies fear the publicity.
Going forward, Marine Science Technicians (MST) will likely become the first line of defense in spotting cyber issues. The Coast Guard will soon begin training its 1,200 active-duty MSTs about the cyber issues they’ll need to look for.
You can take a deeper dive into the report here.
-USCG-
Resources:
In the news: