Coast Guard looks to plug digital holes in maritime infrastructure under new cyber outlook

The Coast Guard is looking to ramp up its cybersecurity work with companies and other organizations in the maritime transportation sector, and the service is studying its authorities for regulating the network defenses of ports and other infrastructure, according to its top cyber official.

The Coast Guard’s new “Cyber Strategic Outlook” released this week provides an update on its 2015 cyber strategy. The document describes how cyber threats have only increased in the past five years, with the Maritime Transportation System serving as “a prime target for malicious cyber actors who seek to disrupt our supply chain.”

The Maritime Transportation System includes waterways, shorelines, ports, shipyards, facilities, bridges and other infrastructure throughout the United States. According to the Coast Guard, it facilitates $5.4 trillion of economic activity every year, representing about a quarter of U.S. gross domestic product.

Defending the system is a major line of effort under the new strategic outlook. Rear Adm. Mike Ryan, head of U.S. Coast Guard Cyber Command, says the threats to the maritime sector “are real.” He said the flurry of high-profile hacks into U.S. networks over the past year have included attacks on maritime infrastructure. Last November, for instance, ransomware crippled IT systems at the Port of Kennewick in Washington state.

“We want the maritime industry to be better prepared,” Ryan said in an interview with Federal News Network. “We want to partner and engage with them, to ensure that they understand the threats, that they have awareness and access to resources that can support their efforts to combat those threats, and then really ensure from a Coast Guard perspective that we sustain safe and secure ports and waterways on behalf of our nation.”

The Coast Guard is the Sector Risk Management Agency responsible for protecting the Maritime Transportation System under the Department of Homeland Security’s designated critical infrastructure sectors. The new strategy comes at a time when the Biden administration is taking a hard look at critical infrastructure cybersecurity, including by setting new cyber standards for operators.

According to the strategic outlook, the Coast Guard’s Captains of Port — a role typically filled by the commanders who oversee the Coast Guard’s regional sectors — “lead governance by promoting cyber risk management, accountability, and the development and implementation of unified response plans.”

The document also describes how the Coast Guard will “refine cybersecurity incident reporting requirements and promote information sharing to improve the ability of owners and operators to prepare for, mitigate, and respond to threats to maritime critical infrastructure.”

Ryan said the Coast Guard partners with the maritime sector to share information about cyber risks and better understand the challenges those organizations face in cyberspace. He said the service has “the authorities we need” as the Sector Risk Management Agency, but will continue to study the issue in conjunction with evolving cyber threats.

“We’re taking a look at the wealth of authorities we have,” Ryan said. “We’ll be working with Congress if we identify any gaps in that regulatory regime.”

He also advocated for the International Maritime Organization, a U.N. agency that regulates shipping, to set global expectations for cybersecurity in the maritime arena.

“We want to ensure that we have solid approaches, and we want to ensure we have the right thresholds in place, and we don’t want to disadvantage those U.S.-flagged operators beyond the level playing field that we want all of the maritime community to have,” Ryan said.

In addition to overseeing the maritime sector, the new cyber outlook also calls for the Coast Guard to make advances with its own digital infrastructure and capabilities, as well as its cyber forces. It calls for investments in “sensors, automation, artificial intelligence, cloud architecture and mobility” to provide a “persistently monitored, secure, and resilient environment for U.S. Coast Guard operations.”

It also outlines the need for both Cyber Mission Teams and Cyber Support Teams interoperable with both the Defense Department’s Cyber Mission Force and the Department of Homeland Security. The service has already established two Cyber Protection Teams and is in the process of establishing a Cyber Mission Team. It is also seeking funding for a third Cyber Protection Team as part of its fiscal year 2022 budget request.

“That gives us a great foundation,” Ryan said. “I think we’ll have to do some more analytics to figure out whether that’s the right size force, or maybe grow it into the future.”

Related Stories

    (Photo courtesy of the U.S. Coast Guard )U.S. Coast Guard Station Ketchikan crews remain ready, relevant and responsive during changing times.

    With readiness concerns rising, Coast Guard gets flat budget for 2022

    Read more
    In this Friday, March 6, 2020, image provided by the U.S. Coast Guard, Air Station crew members load personal protective equipment into a helicopter in San Francisco. Thousands of anxious people were confined Saturday to a cruise ship circling in international waters off the San Francisco Bay Area, after 21 passengers and crew members tested positive for the new coronavirus. The Grand Princess was forbidden to dock in San Francisco amid evidence that the vessel had been the breeding ground for a cluster of nearly 20 cases that resulted in at least one death after its previous voyage. (Petty Officer 3rd Class Taylor Bacon/U.S. Coast Guard District 11 via AP)

    Coast Guard to stand up first cyber ‘red team’ as it creates Cyber Operational Assessments Branch

    Read more
    FILE - In this July 8, 2016, file photo released by Xinhua News Agency, Chinese missile frigate Yuncheng launches an anti-ship missile during a military exercise in the waters near south China's Hainan Island and Paracel Islands. Ahead of the 2021 annual Congress meetings, China is continuing its military buildup and recently passed a law authorizing its coast guard to use force to remove foreign presences in what it considers Chinese waters and islands. (Zha Chunming/Xinhua via AP, File)

    The Coast Guard steams closer to a modernized financial management system

    Read more

Comments

Sign up for breaking news alerts