USCG has published its annual cyber trends and knowledge in the marine environment report for 2024 and has found a generally improved cyber security position on the Navy Transportation System (MTS), including more stronger password guidelines, increased use of multi-factor authentication and better tools to combat phishing.
HAccording to the USCG, the opponents have developed their tactics that exploited stolen login information and weaknesses in public. Technological advances as always-on satellite connectivity have improved operational efficiency, but also new risks, so that malware can quickly spread between corporate networks and ships.
While many MTS organizations have made considerable progress in cyber security, the rapidly developing threat landscape demands continuing vigilance. CGCYBER is still obliged to use Federal Cyber skills to protect MTS, but emphasizes that success is based on the dedication of its workforce and the strong partnerships throughout the public and private sector.
Other trends and knowledge of 2024
- Missions for cyber incidents and cyber protection team (CPT) with cloud systems and services. A majority of USCG partners use cloud-based infrastructure, but many do not understand that they still have security responsibility even with a cloud service provider.
- About 40% of the missions of the incidents observed opponents who tried to gain access to the cloud infrastructure. Therefore it is essential.
- Accordingly, attacks by actors from the nation state like Salztaifun continue to increase.
- About 42% of hackers were given access by phishing, leaked login information and brute -force password -cracking. Administrator accounts remained the main goals, and their compromise often led to the most harmful cyber incidents. This underlines the need for training courses for user awareness for employees.
- For the first time in 2024, the Coast Guard Cyber Command (CGCYBER) followed partners with the help of Managed Security Service Providers (MSSP). 73% of the mission partners used MSSPs to store their surveillance and management of cyber security.
- There was a slight increase in marine environmental partners who demanded CPT support when CGCYBER achieved a record temperature pace of 42 marine environmental missions.
Key Takeaways
- Supply chain risks and other observed weaknesses consist of ship-at-shore cranes that were produced in China: While every sickness and employment method varies through its ratings, the coast guard has identified several best practices that should be used to alleviate some of the most common vulnerabilities.
- Improved connectivity and the spread of networked technology create new cyber risks for ships: In view of the improvement of satellite networks and the networked technology, ships are more integrated into the company networks of their company than ever before. Although there are significant operational advantages, this creates cyber security risks that did not previously exist. Cyber attacks that affect the company network of a company now affect the IT systems (IT information technology) much more frequently and may affect ship processes.
- Increase in cyber incidents and CPT missions with cloud systems and services: Cloud services are now used by a majority of organizations in the MTS. However, there is still a misunderstanding of security responsibility. A misunderstanding that the cloud service provider has all security responsibility remains, however, (at least) partially responsibility for the safety of your systems and data.
- The most frequently observed cybersecurity weak spots in 2024 were similar to those that were highlighted in previous Cime reports. However, the basic cyber security has improved via the MTS: The widespread introduction of multi-factor authentication and technical improvements to phishing has contributed to promoting this change, but there is still much more to do. Effective cyber security requires vigilance and continuous improvement.
The introduction of new technologies continues to promote operational efficiency and at the same time create new weaknesses and attack vectors. CGCYBER is obliged to work with industry in order to tackle this developing threat landscape and to protect the marine traffic system in cyberspace.
… Said Jason P. Tama, counter -admiral, commander of the US Coast guard, cyber command of the coast guard.