[Cyware] Coast Guard Battles Cyberthreats Amid Industry Resistance

Summary: This article discusses the industry’s reluctance to use Coast Guard cybersecurity services despite the increasing cyber threats.

Threat Actor: N/A
Victim: N/A

Key Point :

  • The industry is hesitant to utilize Coast Guard cybersecurity services due to concerns about sharing sensitive information and potential regulatory burdens.

Government
,
Industry Specific
,
Professional Certifications & Continuous Training

New Report Reveals Industry’s Reluctance to Use Coast Guard Cybersecurity Services

Coast Guard Battles Cyberthreats Amid Industry Resistance
A Coast Guard ship docked in the port of Key West, Florida (Image: Shutterstock)

Private sector stakeholders in the marine transportation system are “hesitant” to use critical cybersecurity services offered by the U.S. Coast Guard, according to a new report. This leaves the nation’s network of navigable waterways, ports and vessels susceptible to major security incidents and national security risks.

See Also: Webinar | Old-School Awareness Training Does Not Hack It Anymore

Only 36% of private industry stakeholders requested and received services from the cyber protection teams created by the Coast Guard in 2021 to enhance the cyber posture of the marine transportation system, according to a July report published by the Department of Homeland Security Office of Inspector General. The Coast Guard is tasked with protecting the U.S. maritime industry and commerce under the Maritime Transportation Security Act of 2002, but it lacks congressional authority to enforce private sector compliance with cybersecurity standards and best practices.

The military branch also lacks the necessary cybersecurity training, staffing and expertise to protect the marine transportation system, “which remains vulnerable to the exploitation, misuse or failure of cyber systems,” the report says.

The marine transportation system – which facilitates nearly $5.4 trillion in commerce and represents about 25% of the U.S. gross domestic product – is a prime target among cybercriminals, foreign adversaries and threat actors. The network faces an average of 2,244 cyberattacks per day, according to the latest available Coast Guard data.

The White House issued an executive order in February tasking the Coast Guard with developing minimum cybersecurity standards for the marine transportation system. Anne Neuberger, deputy national security adviser for cyber and emerging technology, told reporters at the time that the executive action would help strengthen the Coast Guard’s ability to mitigate emerging cyberthreats while requiring vessel operators to report incidents (see: Biden to Sign Executive Order Raising Maritime Cybersecurity).

Successful attacks against the marine transportation system have become increasingly common in the past few years. In 2022, the now-defunct LockBit group launched a ransomware attack that crippled Seattle-based logistics giant Expeditors International for three weeks, forcing the company to halt operations as it recovered from the incident. A ransomware attack by now apparently defunct ransomware group LockBit in 2022 paralyzed Seattle-based logistics and freight-forwarding giant Expeditors International for three weeks while operations were halted as it recovered from the attack. The company reported losing $47 million in cargo overstay fines assessed by ports and spending $18 million in incident-related costs.

In 2021, federal officials disclosed the Port of Houston had thwarted an attempted attack apparently launched by a nation-state attacker. The port annually moves more than 247 million tons of cargo.

The Office of Inspector General report says the Coast Guard has taken significant steps in recent years to address cybersecurity risks for vessels and facilities. It released the Marine Transportation System Cyber Incident Response Playbook in September 2022 and in 2023 provided guidance to area maritime security committees on developing plans that address cyber risks. The branch has also improved private sector reporting around maritime cyber incidents, according to the report.

But the report says industry stakeholders declined to consistently request Coast Guard services to improve their cybersecurity postures in the wake of reported cyber events. Inspections personnel “expressed a limited understanding of how to address cybersecurity when conducting inspections” and “did not feel confident reviewing cybersecurity as part of the inspection,” it says.

The DHS Inspector General recommends that U.S. Cyber Command, the Office of Port and Facility Compliance and the Office of Cyberspace Forces “regularly collaborate with each other” and with marine transportation stakeholders on cyber risk management activities. The report urges the Coast Guard to standardize cybersecurity training on enforceable authorities, complete and publish cybersecurity-specific regulations that provide enforcement authorities for facility and vessel inspections and refine job descriptions for marine transportation cybersecurity specialists.

DHS did not immediately respond to a request for comment. The department concurred with each of the inspector general’s recommendations in the report.

Source: https://www.bankinfosecurity.com/coast-guard-battles-cyberthreats-amid-industry-resistance-a-25779


“An interesting youtube video that may be related to the article above”