Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
63 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings security, and maritime law enforcement. The Maritime Transportation Security Act (MTSA) of 2002 requires vessels and port facilities to develop security plans and conduct vul- nerability assessments. The USCG regulates these screen- ing plans, which involve screening procedures, establishing restricted areas, personnel identifcation procedures, access control measures, and site surveillance equipment. Currently, there is no requirement mandating cyber- specifc security plans or vulnerability assessments. However, MTSA-regulated vessels and facilities are required to report security incidents that meet the threshold of a transporta- tion security incident (TSI) — any incident that results in a signifcant loss of life, environmental damage, transporta- tion system disruption, or economic disruption to a particu- lar area. 3 In the Great Lakes, the lion's share of transporta- tion security incidents involve small-quantity oil spills and/ or discharges and security breaches to critical infrastructure facilities. Due to increased awareness of the "See Something, Say Something" public awareness campaign, many facilities report pre-incident indicators of terrorism to the National Response Center — events such as suspicious photogra- phy or surveillance of critical infrastructure sites, eliciting information about access control or security, or physical security breaches such as theft from within a secured area. Although these types of incidents meet the threshold required for "suspicious activity," there is currently no regu- lation or requirement to report any cyber-specifc incidents. However, the Coast Guard and the Department of Home- land Security are making inroads to tackle this issue. Training the Right Person for the Position While it is possible to organize an institutional change when addressing an issue as complex and far-reaching as cybersecurity, a complete overhaul of personnel across the maritime environment to address cyber security insuffcien- cies is simply not operationally feasible, or the best option in many situations. Training existing personnel in cyber security issues, while also refocusing efforts from physi- cal security and toward cyber, may be a viable alternative. Personnel already in these positions may have knowledge, skills, and expertise unique to their posts that cannot always be matched or flled by cybersecurity experts. Additionally, the foray into cyber incident reporting best practices should begin by limiting the requirements to only those events that involve physical as well as cyber infrastructure. The best way to explain "cyber" without Developing Post-Incident Response and Recovery Plans Two major inhibitors prevent incident reporting: • perceived lack of governmental ability to respond and assist with such an attack, • lack of cyber-specifc incident response plans. Well-established security and response plans exist from all levels of government and the private sector to respond to, mitigate, and recover from all types of physical security breaches and attack scenarios, yet many organizations do not know who to contact when a cyber intrusion is detected or have plans in place that quantify cyber-specifc breaches. Similarly, while many government agencies are prepared for phys- ical security response, they may not have the capabilities or exper- tise to assist in recovery from a cyber incident. For example, would the Coast Guard marine security technicians that regulate MTSA facilities and normally respond to physical security breaches have the knowledge, skills, and abilities to assist IT staf at an afected organization? As agencies build exercise plans, cyber should be stressed as an essential element, specifcally as the method behind the root problem of the scenario. Bringing cyber to the forefront of exer- cise planning, preparation, and execution is critical to explore the problem and its response, prior to an actual incident. Additionally, exercise planners are required to consider expanding exercises to include organizations and personnel not normally afliated with maritime security. This move will greatly enhance the content shared at the exercise and bring legitimacy through subject matter expertise in response and recovery capability scenarios. One of the main issues with exercise planning in its current form is the unnecessary isolation of cyber elements when planning exer- cises. The cyber and physical worlds are intertwined, and exercise scenarios must be written to accommodate both environments. What planners and exercise participants should understand is that there is not a need to inundate players with technical details about cyber attacks. Many cyber-specifc scenarios begin with an elec- tronic malfunction; however, cyber elements almost always bleed into the physical environment, requiring frst responder interven- tion and other typical disaster recovery decisions. For example, a cyber attack at a MTSA-regulated chemical facility causes a hazardous spill. Of course, there is a physical response: local police and fre, emergency management personnel, and federal agencies, if necessary. So it makes sense to integrate cyber-specifc exercise scenarios into other response exercises.