Cybersecurity Concerns Front and Center
Cybersecurity across the U.S. Maritime Transportation System (MTS) remains a pressing concern, according to Rear Admiral Wayne R. Arguin’s introduction in the Coast Guard’s 2024 Port State Control Annual Report. He stresses that increased digital integration has opened new vulnerabilities in maritime operations. Arguin calls on industry leaders to evaluate each vessel’s unique cyber exposure and adopt strong protective measures as marine cyber threats evolve. These remarks arrive at the heels of a February 2025 Government Accountability Office (GAO) report criticizing the Coast Guard’s oversight of maritime cybersecurity.
Concerning is this collection of words, “Recognizing the growing threat, the United States recently published a cybersecurity final rule; when these regulations enter into force, they will create baseline requirements for cyber resilience and resistance to cyber-attacks.”
The clear implication is that they do not currently have “baseline requirements” that meet the reality of the cyber threat.
GAO Flags Urgent Weaknesses in Maritime Cybersecurity
We covered on the GAO’s February report titled “Coast Guard: Additional Efforts Needed to Address Cybersecurity Risks to the Maritime Transportation System.” It highlights critical shortcomings. It emphasizes that the MTS, a system supporting over 30 million U.S. jobs and handling $5.4 trillion in goods annually, is increasingly threatened by sophisticated cyber actors.
Foreign adversaries, ransomware gangs, and insiders now pose significant risks. Common attack vectors include outdated systems, insecure remote access, and widespread overreliance on GPS. These gaps leave ports and vessels vulnerable to disruption, theft, or worse.
Real-World Attacks Illustrate the Stakes
Recent cyber incidents underscore the risk:
- In 2017, the NotPetya malware attack, attributed to Russian hackers, paralyzed Maersk operations, disrupting U.S. ports.
- A 2019 ransomware attack halted operations at a major U.S. port for 30 hours.
- In 2024, GPS spoofing interfered with navigation on over 100 cargo ships in the Mediterranean.
Each example reveals how cyberattacks can destabilize commerce, damage infrastructure, and endanger national security.
Coast Guard Cyber Oversight Called “Inadequate”
The GAO found that the Coast Guard has not maintained accurate data on cyber incidents, nor does it fully document cyber deficiencies identified during port and vessel inspections. The agency’s cybersecurity strategy fails to meet core standards set for national cyber resilience. Additionally, the Coast Guard lacks a clear assessment of workforce competencies needed to handle maritime cyber threats.
Policy Momentum: Cybersecurity Rule in Development
In his 2024 report, Admiral Arguin acknowledged that cyber threats are expanding as maritime systems grow more interconnected. He cited a new federal cybersecurity rule, expected to take effect soon, that will establish mandatory resilience standards. These will include incident response plans, cyber asset management, and crew training. Arguin reaffirmed the Coast Guard’s commitment to enhancing global maritime cybersecurity.
GAO’s Call to Action
The GAO’s five recommendations include:
- Accurate cyber incident logging.
- Better inspection data on cyber deficiencies.
- Strategic alignment with national cybersecurity policies.
- Clear skill requirements for cyber personnel.
- Workforce development in cybersecurity expertise.
The Department of Homeland Security has accepted all recommendations and pledged reform.
A Maritime Sector at Risk
Rear Admiral Arguin’s words and the GAO’s findings point to one urgent truth: without immediate action, the U.S. maritime industry remains dangerously exposed to cyber events and attacks.
Other News: New USCG Cybersecurity Rule Targets Maritime Cybersecurity Risks(Opens in a new browser tab)
