New Report Warns Of Critical Weakness At U.S. Ports, Leaving Them Vulnerable To Cyber Attacks

The U.S. Maritime Transportation System (MTS), which is responsible for handling over $5.4 trillion worth of goods and services annually, is facing increasing cybersecurity risks from foreign countries and criminal organisations.

A new report from the Government Accountability Office (GAO) reveals critical weaknesses in the Coast Guard’s ability to monitor and mitigate these risks, warning that oversight gaps could leave U.S. ports vulnerable to cyber attacks.

The GAO identifies China, North Korea, Iran, Russia, and transnational criminal organisations as the primary cyber threats to U.S. ports, vessels, and maritime facilities.

With growing reliance on digital systems, the risk of cyber-attacks has increased, and past incidents have already disrupted port operations. The report warns that future cyber intrusions could cause severe economic and security consequences.

The Coast Guard provides cybersecurity guidance, voluntary best practices, and direct technical assistance to facility and vessel operators to counter these threats. It also conducts security inspections to identify vulnerabilities.

However, the GAO report points to a major flaw- the Coast Guard lacks quick and complete access to cybersecurity inspection results, making it harder to track and address risks effectively.

The Coast Guard uses the Marine Information for Safety and Law Enforcement (MISLE) system to document facility and vessel inspections, including cybersecurity deficiencies.

However, the system does not allow easy retrieval of cyber-related inspection data, limiting the agency’s ability to oversee risks.

In response, the GAO has made five key recommendations to strengthen maritime cybersecurity:

• Improve Cyber Incident Tracking- Establish clear procedures to ensure cybersecurity deficiencies identified during inspections are accurately recorded and monitored.
• Enhance Access to Cybersecurity Data- Upgrade the Coast Guard’s case management system to provide complete and easily accessible records of cyber vulnerabilities.
• Strengthen Cybersecurity Strategy- Revise the Coast Guard’s cyber strategy to fully address national security risks and align with best practices.
• Analyse Workforce Competency Gaps- Assess the current and future cybersecurity skills required for Coast Guard personnel responsible for securing the MTS.
• Implement Targeted Training Programs- Develop and implement training to address cybersecurity skill gaps within the Coast Guard.

In November 2024, the Coast Guard issued MARSEC Directive 105-5, which focuses on cybersecurity risks linked to Chinese-made ship-to-shore cranes.

These cranes, built by Shanghai Zhenhua Heavy Industries (ZPMC), dominate 80% of U.S. port infrastructure, raising fears of espionage.

Investigations by the FBI found intelligence collection devices on ZPMC cranes at the Port of Baltimore, along with unauthorised cellular modem installations and attempts to gain remote access to port systems.

These findings call for an urgent need for stronger cybersecurity measures in the maritime sector.

While the Coast Guard has developed a cyber strategy, the GAO report finds it falls short of meeting key national security standards.

Reference: GAO

Source: Maritime Shipping News