The United States Coast Guard (Coast Guard) took steps to enhance the cyber posture of the Marine Transportation System (MTS) but faces challenges fully implementing cybersecurity readiness efforts to protect the U.S. supply chain. Over the past 2 years, in accordance with its statutory requirements, Coast Guard established maritime cybersecurity teams to deter and respond to transportation cybersecurity incidents. In 2021, Coast Guard implemented Cyber Protection Teams to offer services that can help industry stakeholders prevent and target malicious cyberspace activities. However, private industry stakeholders have not fully adopted these services; stakeholders in only 36 percent of Coast Guard’s sectors requested and received these services. Coast Guard faced these challenges because industry stakeholders are hesitant to use the cybersecurity services offered.
Open Recommendations
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 1 | No | $0 | $0 | ||
| We recommend that Coast Guard’s Cyber Command and Office of Port and Facility Compliance develop and implement a plan of action with established benchmarks for the Cyber Protection Team and the Maritime Cyber Readiness Branch to work with Marine Transportation Security Specialists–Cyber to enhance coordination and to build working relationships with private industry stakeholders. | |||||
| 3 | No | $0 | $0 | ||
| We recommend that Coast Guard’s Office of Port and Facility Compliance establish standardized cybersecurity training on enforceable authorities. | |||||
| 4 | No | $0 | $0 | ||
| We recommend that Coast Guard’s Office of Port and Facility Compliance review and determine whether the Marine Transportation Security Specialist–Cyber position description and job series is the correct designation based on the needs of the position. | |||||
| 2 | No | $0 | $0 | ||
| We recommend that Coast Guard’s Assistant Commandant for Prevention Policy complete and publish cybersecurity-specific regulations providing enforcement authority for facility and vessel inspections. | |||||
