- Female workforce up 14%, but overall representation down from 26% in 2021 to under 19% in 2024.
- Private sector and mid-management roles see sharp declines in female participation.
- Industry leaders call for renewed DEI commitment amid growing skepticism and slipping progress.
USCG has released its annual Cyber Trends and Insights in the Marine Environment report for 2024, finding a generally improving cyber security posture across the Marine Transportation System (MTS), including stronger password policies, increased use of multi-factor authentication, and better tools to combat phishing, reports Safety4sea.
However, according to USCG, adversaries have evolved their tactics, exploiting stolen credentials and public-facing vulnerabilities. Technological advancements, such as always-on satellite connectivity, have enhanced operational efficiency but also created new risks, allowing malware to spread quickly between corporate networks and ships.
While many MTS organizations have made significant strides in cybersecurity, the rapidly evolving threat landscape demands ongoing vigilance. CGCYBER remains committed to using federal cyber capabilities to protect the MTS, but emphasizes that success relies on the dedication of its workforce and strong partnerships across the public and private sectors.
Other trends and insights from 2024
- Cyber incidents and Cyber Protection Team (CPT) missions involving cloud systems and services increased. A majority of USCG partners use cloud-based infrastructure, but many don’t understand that they still have security responsibilities even with a cloud service provider.
- Some 40% of Incident Response missions observed adversaries attempting to gain access to cloud infrastructure, so having defenses in place is essential.
- Reported attacks from nation-state actors, such as Salt Typhoon, continue to rise.
Some 42% of hackers gained access through phishing, leaked credentials, and brute force password cracking. Administrator accounts remained the primary targets, and their compromise often led to the most damaging cyber incidents. This highlights the need for user awareness training for employees. - For the first time in 2024, Coast Guard Cyber Command (CGCYBER) tracked partners using Managed Security Service Providers (MSSP). 73% of mission partners used MSSPs to outsource their cybersecurity monitoring and management.
- There was a slight uptick in marine environment partners requesting CPT support as CGCYBER achieved a record high operational tempo of 42 marine environment missions.
Key takeaways
- Supply-chain risks and other observed vulnerabilities exist within ship-to-shore cranes manufactured in China: While every crane configuration and employment method varies, through its assessments, the Coast Guard has identified several best practices that should be applied to mitigate some of the most common vulnerabilities.
- Improved connectivity and the proliferation of networked technology create new cyber risks for vessels: With improvements in satellite networks and more networked technology, vessels are more integrated with their company’s enterprise networks than ever before. While there are significant operational benefits, this creates cybersecurity risks that did not exist before. Cyberattacks impacting a company’s enterprise network are now far more likely to impact shipboard Information Technology (IT) systems and potentially impact vessel operations.
- Uptick in cyber incidents and CPT missions involving cloud systems and services: Cloud services are now utilized by a majority of organizations in the MTS; however, there continues to be a misunderstanding of security responsibilities. A misconception that the cloud service provider owns all the security responsibilities persists, but companies using cloud computing still retain (at least) partial responsibility for security of their systems and data.
- The most common cybersecurity vulnerabilities observed in 2024 were similar to those highlighted in previous CTIME reports, however the baseline cybersecurity posture has improved across the MTS: Widespread adoption of Multi-Factor Authentication and technical improvements against phishing have helped drive this change, but there is still much more work to do. Effective cybersecurity requires vigilance and continuous improvement.
Did you subscribe to our daily Newsletter?
It’s Free Click here to Subscribe!
Source: Safety4sea
