An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

My Coast Guard

Subscribe to receive MyCG updates

Commentary | May 19, 2025

Modernization increases cybersecurity challenges in the Marine Transportation System (MTS)

By Kathy Murray, Senior Writer, MyCG

Improved satellite connectivity has made vessels more efficient at sea, but it has also left their operations and network systems more vulnerable to cyber-attacks. 

That is one of the main takeaways from a newly released report, which lays out threats to the Marine Transportation System (MTS) that Coast Guard Cyber identified in 2024, as well as ways operators can strengthen their cyber defenses against them. 

The fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report is once again a must-read for any operator, industry partner, or Coast Guard member who works in or travels through the MTS. The 2024 edition describes how the blurring separation between the information technology (IT) and operational technology (OT) that powers ships, machinery, and port facilities has increased the risk of a physical attack in the MTS.  It is easier to hack into an onshore enterprise network and disrupt the operations of ship, for example, if that ship is constantly connected.   

In addition, the CTIME report underscores ongoing vulnerabilities with ship-to-shore cranes manufactured in China, which came to light after a Congressional investigation last year. Some 80 percent of the cranes that load and unload container ships in American ports are made by Zhenhua Heavy Industry Limited (ZPMC), which is controlled by the Chinese government. While Coast Guard Cyber Protection Teams (CPTs) have not observed any active malicious cyber activity on cranes, the potential for a threat actor to gain backdoor access and disrupt crane and port operations exists. The report also includes ways to mitigate these risks. 

There was also good news: While common cybersecurity vulnerabilities were still observed, baseline cybersecurity posture has improved across the MTS in 2024. This was aided by widespread adoption of multi-factor authentication (MFA), technical improvements against phishing, better password policy enforcement, and a decrease in successful CPT phishing and brute force password cracking attempts. 

Other trends and insights from 2024 

  • Cyber incidents and CPT missions involving cloud systems and services increased. A majority of our partners use cloud-based infrastructure, but many don’t understand that they still have security responsibilities even with a cloud service provider. Some 40% of Incident Response missions observed adversaries attempting to gain access to cloud infrastructure, so having defenses in place is essential. 
  • Reported attacks from nation-state actors, such as Salt Typhoon, continue to rise. 
  • Some 42% of hackers gained access through phishing, leaked credentials, and brute force password cracking. Administrator accounts remained the primary targets, and their compromise often led to the most damaging cyber incidents. This highlights the need for user awareness training for employees. 
  • For the first time in 2024, CGCYBER tracked partners using Managed Security Service Providers (MSSP). 73% of mission partners used MSSP to outsource their cybersecurity monitoring and management. 
  • There was a slight uptick in marine environment partners requesting CPT support as CGCYBER achieved a record high operational tempo of 42 marine environment missions. 

How CGCYBER operates 

The CTIME report was developed by the Coast Guard’s CPTs and Maritime Cyber Readiness Branch (MCRB) based on operations, technical exchanges, and industry engagements in 2024.   

The Coast Guard now has three active duty CPTs and one reserve CPT. These teams work with partners and operators in the Marine Transportation System (MTS), conducting assessments, emulating threats, and using known attack techniques to evaluate system security. In 2024, CPTs were deployed to help find vulnerabilities and better secure OT systems. 

Not so fun fact: There was a 71% year-over-year increase in the use of stolen or compromised credentials in reported cyber incidents and CPTs discovered default credentials on over two thirds of missions.  

CGCYBER’s MCRB and local Coast Guard units investigate cyber incidents and provide risk assessments. Each Area, District, and Sector Commander has a Marine Transportation Systems Specialist – Cyber (MTSS-C) to advise their command on cyber risks in the marine environment.  

For an in-depth look at the report, click here

-USCG- 

Resources: 

feature news cyber security CTIME

The U.S. Department of Defense is committed to making its electronic and information technologies accessible to individuals with disabilities in accordance with Section 508 of the Rehabilitation Act (29 U.S.C. 794d), as amended in 1998. DoD websites use the WCAG 2.0 AA accessibility standard.

For persons with disabilities experiencing difficulties accessing content on a particular website, please use the form DoD Section 508 Form.  In this form, please indicate the nature of your accessibility issue/problem and your contact information so we can address your issue or question. If your issue involves log in access, password recovery, or other technical issues, contact the administrator for the website in question, or your local helpdesk.