The U.S. Coast Guard is focusing on three strategic priorities in the cyber domain over the next 10 years: defending cyberspace, enabling operations, and protecting infrastructure, according to a strategy document released on June 16.
“Cyber’s not a mission, it’s a domain that we operate… We are one and all cyber operators and so that is a fundamental skillset for every member of the Coast Guard,” Adm. Paul Zukunft, Commandant of the Coast Guard, said at a Center for Strategic and International Studies (CSIS) unveiling of the strategy document.
Zukunft said he looks at cyber strategy from a generalized private and public sector perspective and not just through the Coast Guard. “How would you address cyber in the 21st century? And so we came up with three domains that are not unique to the Coast Guard but to anybody who can spell the word cyber.”
“The reason I wanted this strategy is we needed to build out a program of record,” Zukunft said.
Each domain or strategic priority in the new strategy contains specific goals and objectives.
The goals of defending cyberspace include identifying and hardening systems and networks, understanding and countering cyber threats, and increasing operational resilience.
The weakest link in defending the Coast Guard’s own cyberspace involves human resource capital and cyber hygiene, Zukunft said.
“The Coast Guard must make consistent adherence to IT security policies and recognize cyber hygiene as one of its highest priorities,” the strategy said.
Zukunft noted how the service recently created a 70-person cyber command.
“It may not sound like a lot, but they can have awareness across our full operating domain in cyber within the Coast Guard. So daily they can look at where those potential leaks are, malware that may be introduced and then go out and fix it,” Zukunft said.
“I never built it into my program of record, it was much quicker for me to reprogram billets,” Zukunft said.
He also highlighted an example of enabling operations within the cyber domain. More than a week ago, the Coast Guard interdicted six go-fast vessels in a 36-hour period across an area the size of North America, seizing more than four tons of cocaine, Zukunft said.
“That would not be possible without our ability to operate in the cyber domain. And it’s not just the CG (Coast Guard) operating in the cyber domain, in this case it’s the entire intelligence community.”
The goals of enabling operations are to incorporate cyberspace operations into mission planning and execution and to deliver cyber capabilities to enhance all missions, according to the strategy document.
The strategy highlights the importance of protecting infrastructure: “With approximately 360 sea and river ports that handle more than $1.3 trillion in annual cargo, our nation is critically dependent on a safe, secure, and efficient MTS (Maritime Transportation System).”
The MTS includes ocean carriers, coastwise shipping along shores, Western rivers, the Great Lakes, and the U.S. ports and terminals.
The private operators of the MTS use computer and cyber-dependent technologies for many purposes that allow them to operate very reliably, the strategy said. However, the strategy noted risks in the system.
“Exploitation, misuse, or failure of cyber systems could cause injury or death, harm the marine environment, or disrupt vital trade activity. Even a temporary or partial disruption of MTS operations could have serious consequences for the local, regional, national, and even global economy,” the strategy said.
Zukunft cited a case where a mobile offshore drilling unit (MODU), relying on dynamic positioning systems, “drove off the well site because malware was introduced into the server because employees aboard this MODU thought they could access anything on the internet.”
“Fortunately the blowout preventer kicked in and it shut it down,” Zukunft said. (The blowout preventer was the device that failed in the Deepwater Horizon oil spill.)
The goals of protecting infrastructure in the strategy are risk assessment and prevention. Prevention in the MTS involves developing guidance for commercial vessel and facility operators on how to identify and evaluate cybersecurity-related vulnerabilities, identifying appropriate cybersecurity standards, and improving resiliency.