51
Summer 2015 Proceedings
www.uscg.mil/proceedings
For more information:
Where to Get Help
The U.S. Coast Guard and the Department
of Homeland Security provide extensive
information on improving cyber security.
The Homeport cyber security page, https://
homeport.uscg.mil, includes a wide variety
of resources and tools. Individuals may also
submit a request to join the Homeport Cyber
Security community, which has additional
information.
The Department of Homeland Security's
Computer Emergency Response Team is
probably the most comprehensive source
for cyber security information, tools, and
best practices. The "publications" tab, https://
www.us-cert.gov/security-publications,
includes topics such as cyber threats to
mobile phones, password security, virus
basics, and protecting data.
The CERT Industrial Control System portion,
https://ics-cert.us-cert.gov/, has a similarly
impressive list of resources and information
specifically for industrial control system
cyber security.
isolate, test, repair, and resume operations for any impacted
systems.
Good marine practice is just as important in cyber security
as it is with other risks. It has always been important for
mariners to have an understanding of how GPS and other
devices actually operate and how to make the most of their
capabilities. For example, many GPS devices will show the
signal-to-noise ratio. An unusually low ratio would suggest
jamming. Most importantly, the prudent mariner should
always use multiple ways of determining position and be
ready for any emergency. For navigation, engineering, or
shore side operations, a combination of good cyber and
marine practices will substantially reduce risk.
The prudent mariner uses multiple
methods to determine position.
Vessel and facility operators should also work with their
local captain of the port and area maritime security commit-
tee to identify, evaluate, and address cyber risks in the mari-
time environment. Operators should report cyber security
breaches or suspicious activity that could lead to a transpor-
tation security incident to the National Response Center and
to the captain of the port.
3
As with other security-related
reports, Coast Guard personnel treat these as sensitive
security information and do not disclose them outside the
"need to know" law enforcement community. Additionally,
reporting these incidents enables the Coast Guard to iden-
tify potentially broader maritime security threat patterns.
In Clarke's story, humanity faced a threat from its own
creation. Today, it is not a singular super intelligence that
threatens us, but simply other human beings, seeking to
exploit existing systems to their own evil ends. We must
address this threat with the resolve, innovation, and deter-
mination we have employed for other threats in the past.
Doing so will ensure a safe, secure marine transportation
system well into the future.
About the author:
CAPT Tucci is chief of the Offce of Port and Facility Compliance at Coast
Guard headquarters. He has served in the Coast Guard for more than
20 years. His feld assignments include vessel and facility inspections, oil
spill response, marine casualty investigations, and search and rescue. CAPT
Tucci holds a bachelor's degree in business administration from Miami Uni-
versity, and a master's degree in marine affairs from the University of Wash-
ington, Seattle.
Report cyber security breaches or
suspicious activity to the National
Response Center at (800) 424-8802.
Endnotes:
1.
See http://niccs.us-cert.gov/glossary.
2.
As a junior offcer, one of my frst marine casualty investigations involved a fsh-
ing vessel that struck a rock that the master had programmed into his GPS as a
waypoint.
3.
See 33 CFR 101.105.