The Government Accountability Office has found three issues preventing the U.S. Coast Guard from effectively addressing the cybersecurity risks faced by the Maritime Transport System, a critical infrastructure subsector for which the Coast Guard serves as lead risk management agency.
Table of Contents
Cybersecurity Risks to MTS
GAO said in a report released Tuesday that the cybersecurity risks faced by the MTS — which handles $5.4 trillion in goods and services annually — stems from the reliance of its constituent vessels and facilities on various technologies, including networking capabilities, that are susceptible to attack from numerous threat actors such as transnational criminal organizations and adversary countries.
Incomplete Cyber Information
One of the ways the Coast Guard helps the MTS address these threats is by identifying cybersecurity-related deficiencies, a function that is impeded by the inability of the system of record — the Marine Information for Safety and Law Enforcement, or MISLE, system — to provide the Coast Guard access to complete information on inspection results concerning to cybersecurity.
Deficient Cyber Strategy
The Coast Guard has also established a cyber strategy to address MTS cybersecurity risks, but of the five characteristics that make such a strategy effectively, only one has been fully addressed.
Workforce Competency Issues
The Coast Guard also appears to not have adhered to leading practices that would ensure its personnel would be capable of handling cybersecurity risks at all. Competency requirements have not been fully developed and competency gaps have not been fully assessed.
GAO Recommendations
To correct these problems, GAO offered five recommendations, including that the Coast Guard update MISLE so it could provide full access to cyber-related information; ensure that all the key characteristics of its cybersecurity strategy are addressed; and assess all workforce competency gaps.