The U.S. Coast Guard Cyber Command (CGCYBER) has released its fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report, summarizing cybersecurity issues observed across the Marine Transportation System (MTS) in 2024. The report is based on data collected from operations, technical assessments, and industry engagements carried out by Coast Guard cyber protection teams (CPTs) and the Maritime Cyber Readiness Branch.
With 95,000 miles of U.S. coastline, 3,500 marine terminals, and 4.5 million square miles of Exclusive Economic Zone to protect, the maritime domain represents a cyber-physical challenge, the report highlighted. Vessels and facilities increasingly rely on networked systems and satellite communications, often tethering operational technology (OT) directly to company enterprise networks. This integration delivers efficiencies but also introduces risk, the report said.
One of the more alarming findings concerns ship-to-shore (STS) cranes manufactured in China. These cranes, integral to port operations, present a vector for supply-chain-based cybersecurity vulnerabilities. In 2024, the issue gained national attention, prompting the release of Maritime Security Directives 105-4 and 105-5. CGCYBER’s CPTs, already conducting assessments of these systems, found recurring concerns related to insecure configurations and network connectivity.
While not all STS cranes share the same risk profile, the Coast Guard recommends a set of best practices, including hardware and software inventory controls, regular network segmentation audits, and disabling unused remote access ports.
The report highlighted that in 2024, CGCYBER conducted 42 missions across the MTS which is the highest annual total to date. These missions included incident response, ransomware investigation, system assessments, and hunt operations to detect and mitigate threats.
Key developments in 2024 include CGCYBER’s third active-duty CPT reached full operational capability, a reserve CPT was formally established, CPT missions increasingly focused on OT systems in addition to traditional IT systems, and 73% of mission partners reported using Managed Security Service Providers (MSSPs) to manage cybersecurity operations.
CGCYBER said it continues to advise stakeholders including facility security officers, IT and cybersecurity directors, and port authorities to apply technical best practices, review system configurations, and ensure staff understand shared responsibilities in cybersecurity.
WorkBoat spoke with retired commander of the Office of Naval Intelligence, Gene Price, for additional insight on steps that companies and operators can take to protect themselves from cyberattacks. Price emphasized actionable items including basic cybersecurity hygene, multifactor authentication, encrypted data, phishing training with consequence, patch discipline, zero trust architecture, software bill of materials and tailored incident response plans.
The full CTIME 2024 report is available through CGCYBER’s website.
