44
Proceedings Winter 2014 – 2015
www.uscg.mil/proceedings
scenarios included injecting invalid AIS data such as posi-
tion, course, speed, name, cargo, fag, etc., or creating and
modifying aids to navigation entities.
5
Finally, another well documented vulnerability is the vessel
Electronic Chart Display and Information System (ECDIS), a
computer-based navigation information system used as an
alternate to paper nautical charts.
6
While system use is gen-
erally restricted, the use of USB sticks, sensor infltration,
or intrusion into the vessel's local area network could cause
them to be compromised. Vulnerabilities include access to
modify ECDIS fles and insert malicious content.
Cyber Defenses and Resources
The Brookings Institute Policy Paper provided a number
of recommendations and conclusions to close the gap in
cyber vulnerabilities. One highly underutilized program
that all facilities should consider is the Federal Emergency
Management Agency's Port Security Grant Program (PSGP).
At the time of publication of the Brooking Policy Paper,
the PSGP had appropriated more than $2.6 billion, with
only just less than $6 million (or 2 percent) of those dol-
lars going to directly fund cybersecurity projects. Given
the national focus on cybersecurity, the PSGP is a highly
recommended program for facility operators to pursue to
fund cybersecurity projects.
7
Additional recommendations include conducting cyber-
security assessments and response plans. Basic cybersecurity
An Electronic Chart Display and Information System. U.S. Coast Guard
photo.
hygiene needs to become fundamental. Companies should
create a culture of awareness and incorporate procedures
for strong passwords with consistent changes, prevent the
connection of unknown devices and equipment to their sys-
tems, and develop education in common-sense practices.
Such practices should include not clicking on unknown
links or opening suspicious emails.
About the author:
LCDR Marshall Newberry is a U.S. Coast Guard Academy and Univer
sity of Washington graduate. He holds a bachelor's degree and an M.S.
in mechanical engineering. He has served the Coast Guard for more than
14 years, most recently in the 11
th
District Offce of Inspections and Investi
gations, where he provides program oversight and has been instrumental in
implementing Coast Guard cybersecurity initiatives throughout California,
Arizona, Nevada, and Utah.
Endnotes:
1.
Fed Approaches to Cyber Security (2013). Available at www.fedcyber.com/fed-cyber-
reference-library/federal-approaches-to-cyber-security.
2.
Industrial Control Systems Cyber Emergency Response Team. Cyber Threat Source
Descriptions. Available at http://ics-cert.us-cert.gov/content/cyber-threat-source-
descriptions.
3.
Kramek, Joseph, Commander, U.S. Coast Guard, Federal Executive Fellow. (2013).
The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities. Center for
21
st
Century Security and Intelligence. Foreign Policy at Brookings. Available at
www.brookings.edu/research/papers/2013/07/03-cyber-ports-security-kramek.
4.
Todd Humphreys' Research Team Demonstrates First Successful GPS Spoofng of UAV.
Available at www.ae.utexas.edu/news/features/todd-humphreys-research-team-
demonstrates-frst-successful-gps-spoofng-of-uav.
5.
Trend Micro Warns of Vulnerabilities in Global Vessel Tracking Systems. 2013 Press
Release. Available at http://apac.trendmicro.com/apac/about-us/newsroom/
releases/articles/20131022085503.html.
6.
Dyryavyy, Yevgen (2014). Preparing for Cyber Battleships — Electronic Chart Display
and Information System Security. NCC Group. Available at www.nccgroup.com/
en/learning-and-research-centre/white-papers/preparing-for-cyber-battleships-
electronic-chart-display-and-information-system-security.
7.
Kramek, Joseph, Commander, U.S. Coast Guard, Federal Executive Fellow. (2013).
The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities. Center for
21st Century Security and Intelligence. Foreign Policy at Brookings. Available at
www.brookings.edu/research/papers/2013/07/03-cyber-ports-security-kramek.
For more information:
The Coast Guard has developed a cybersecurity
page on homeport. Access via www.homeport.
uscg.mil and click on "cybersecurity" on the
left side of the page. Additionally, a Homeport
cybersecurity community has been developed
for real-time information sharing. Directions
for joining are on the Web page above.