Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
66 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings If understanding cyberspace is the goal, then a critical frst step is to get ahead of the hack. The Coast Guard must get a clear picture of its adversaries' capabilities, motivations, intentions, and activities in the cyber domain, before an attack, so personnel can develop proper operational countermeasures. Additionally, understanding that actionable intelligence comes from knowledge, not just from a collection of data points, is a good frst step toward scoping what comprises cyber intelligence. However, there are key points that must be established if the Coast Guard, or any enterprise for that matter, intends to fully implement a cyber intelligence- driven approach to cyber defense: • The quest for relevant knowledge must look beyond the network. Technical collection is important, but it is not suffcient to counter the complex and evolving array of today's cyber threat actors. • The cycle of collection, analysis, dissemi- nation, and feedback must be a continu- ous — not a periodic or intermittent — pro- cess. The cyber domain is highly dynamic, so an effective defense posture must be agile and adaptive. • Actionable cyber intelligence needs to inform all levels of operation. It must sup- port decisions and decision makers at the strategic, operational, and tactical levels. The Elements of Cyber Intelligence Cyber intelligence should not only drive the Coast Guard's cybersecurity and cyber defense missions, it should be an enabling function for Coast Guard missions across the board. The scope of that intelligence must operate at strate- gic, operational, and tactical levels. This means going beyond the network. Just as operational plans are rou- tinely supported by intelligence from human and signals sources, an effective cyber defense plan must be similarly supported to anticipate and respond to specifc threats, such as who is likely to attack, where, when, how, and why. Prep- aration for cyber defense operations and feld operations involves assessing the adversary and the environment. Just as Coast Guard operators evaluate the operational envi- ronment for a law enforcement operation, a marine facilities security inspection, or a search and rescue mission, so must they also consider its cyber operating environment within the context of a planned and dynamic defense, informed by cyber intelligence. Not only will cyber intelligence directly support operations in the feld, it must also address actual threats and preparations for potential threats that engage in and through cyberspace. Firewalls and network logs are not suffcient. More proactive defense measures, informed by cyber intelligence, must be the way the Coast Guard protects itself and achieves a high level of mission assurance. Reliance upon electronic means for operational planning and communications continues to grow, and maritime interests regulated by the Coast Guard increasingly rely on cyberspace and information and communication technolo- gies to conduct essential mission and business functions. Therefore, understanding and effectively operating in that cyberspace environment is critical to mission success. In developing its cyber strategy, the Coast Guard has a remarkable opportunity to lead America's homeland defense enterprise by developing a cyber intelligence- driven approach to cyber defense that corresponds with Coast Guard operations. A cyber intelligence-driven model has three distinct advantages, it: A marine science technician at Coast Guard Sector Baltimore and a Customs and Border Protection offcer stand by while a container is inspected with a vehicle and cargo inspection system (VCIS), a tool used for non-intrusive container inspections. The VCIS takes X-ray images of containers to fnd illegal cargo, such as narcotics. It can be interfered with via cyber means if overall systems are not properly defended. U.S. Coast Guard photo by Petty Offcer Robert Brazzell. According to USCG Publication 2-0, the pur- pose of intelligence is to inform commanders and decision makers by providing accurate, timely, and relevant knowledge about adver- saries, threats, and the surrounding environ- ment. In the Coast Guard, this surrounding environment includes the maritime domain and the cyber domain. Many Coast Guard members often narrowly interpret this as providing tac- tically actionable intelligence to operational forces and, as a result, measure the effective- ness of intelligence support accordingly.