Improved satellite connectivity has made vessels more efficient at sea, but it has also left their operations and network systems more vulnerable to cyber-attacks.  That is one of the main takeaways from a newly released report, which lays out threats to the Marine Transportation System (MTS) that Coast Guard Cyber identified in 2024, as well as ways operators can strengthen their cyber defenses against them. 

The fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report is once again a must-read for any operator, industry partner, or Coast Guard member who works in or travels through the MTS.  The 2024 edition describes how the blurring separation between the information technology (IT) and operational technology (OT) that power ships, machinery, and port facilities has increased the risk of a physical attack in the MTS.  It is easier to hack into an onshore enterprise network and disrupt the operations of a ship, for example, if that ship is constantly connected.[1]

In addition, the CTIME report underscores ongoing vulnerabilities with ship-to-shore cranes manufactured in China, which came to light after a Congressional investigation last year.  Some 80% of the cranes that load and unload container ships in American ports are made by Zhenhua Heavy Industry Limited (ZPMC), which is controlled by the Chinese government.  While Coast Guard Cyber Protection Teams (CPTs) have not observed any ‘active’ malicious cyber activity on cranes, the potential for a threat actor to gain backdoor access and disrupt crane and port operations exists.  The report also includes ways to mitigate these risks. 

While common cybersecurity vulnerabilities were still observed, baseline cybersecurity posture has improved across the MTS in 2024.  This was aided by widespread adoption of multi-factor authentication (MFA), technical improvements against phishing, better password policy enforcement, and a decrease in successful CPT phishing and brute force password cracking attempts. 

Other trends and insights from 2024 –

  • Cyber incidents and CPT missions involving cloud systems and services have increased. Many of CGCYBER's maritime partners use cloud-based infrastructure, but many don’t understand that they still have security responsibilities even with a cloud service provider.  Some 40% of Incident Response missions observed adversaries attempting to gain access to cloud infrastructure, so having defenses in place is essential.  Reported attacks from nation-state actors, such as Salt Typhoon, continue to rise. 
  • Some 42% of hackers gained access through phishing, leaked credentials, and brute force password cracking. Administrator accounts remained the primary targets, and their compromise often led to the most damaging cyber incidents.  This highlights the need for user awareness training for employees. 
  • For the first time in 2024, CGCYBER tracked partners using Managed Security Service Providers (MSSPs). 73% of mission partners used an MSSP to outsource their cybersecurity monitoring and management. 
  • There was a slight uptick in marine environment partners requesting CPT support as CGCYBER achieved a record high operational tempo of 42 marine environment missions. 

How CGCYBER operates - The CTIME report was developed by the Coast Guard’s CPTs and Maritime Cyber Readiness Branch (MCRB) based on operations, technical exchanges, and industry engagements in 2024.   

The US Coast Guard now has three active duty CPTs and one reserve CPT.  These teams work with partners and operators in the Marine Transportation System (MTS), conducting assessments, emulating threats, and using known attack techniques to evaluate system security.  In 2024, CPTs were deployed to help find vulnerabilities and better secure OT systems. 

There was a 71% year-over-year increase in the use of stolen or compromised credentials in reported cyber incidents, and CPTs discovered default credentials on over two-thirds of missions.  

CGCYBER’s MCRB and local Coast Guard units investigate cyber incidents and provide risk assessments. Each Area, District, and Sector Commander has a Marine Transportation Systems Specialist – Cyber (MTSS-C) to advise their command on cyber risks in the marine environment.  

For an in-depth look, see the report[2].

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.mycg.uscg.mil/News/Article/4190254/modernization-increases-cybersecurity-challenges-in-the-marine-transportation-s/

[2] https://www.uscg.mil/Portals/0/Images/cyber/CGCYBER%202024%20CTIME.pdf?ver=AgbTrQoh4Fs91HUmdhd_xA%3d%3d&timestamp=1747657640065
