Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: http://uscgproceedings.epubxp.com/i/436751
20 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings "The relevance of information dominance has never been greater, particularly as our adver- saries design new ways to exploit our networks and inhibit our mastery of the electromagnetic spectrum." — U.S. Navy Vice Admiral Kendall Card includes bringing public and private partners into the solu- tion. Agility in this area should be easier for the Coast Guard than many other entities, given our ability to span military and law enforcement communities and our longstanding relationships developed with the maritime industry over the years. Using this to our advantage, we should leverage cybersecurity experts from government and industry in this effort. Change our Paradigm The paradigm of protecting maritime critical infrastructure is turned on its head with the cyber component; therefore addressing jammer threats and port cybersecurity vulner- abilities is only part of the solution. The Coast Guard can leverage various risk assessment tools to better assess cyber risks. MCIKR exercises and workshops will also point to currently unseen areas for improvement, so the Coast Guard can readily apply lessons learned to champion similar exer- cises for all stakeholders involved in protecting critical infrastructure. These exercises simulate and will pave the way to how we will execute cyberspace operations. The Future is Now Unfortunately, we no longer have any lag time to get these efforts underway. It's no longer a question of "if" MCIKR cyberspace vulnerabilities will lead to cybersecurity inci- dents, but "when." Given our national dependency on mar- itime critical infrastructure and key resources, the Coast Guard and its interagency and industry partners cannot afford to delay implementing proactive measures needed to address defciencies. Developing Cyberspace Capability and Capacity Cont i nui ng to develop c yberspace capabilit ies will strengthen the Coast Guard's ability to defend its networks and protect maritime critical infrastructure. Doing so will also enable the service to attain intelligence-based maritime information advantage and the ability to act on that intel- ligence in the cyberspace domain. Likewise, we must be proactive in identifying current and planned DOD and DHS initiatives that contribute to achieving the objectives. Know the Environment As the nation's leading national maritime governing orga- nization, the Coast Guard must continue to address cur- rent and future threats throughout all operational domains impacting the maritime environment. With cyber growth continuing at breakneck speed, achieving a complete com- mon operating picture and improved maritime domain awareness has never had more relevance or presented a greater challenge. The Future is Now Much of our efforts to promote security must be focused inward. The Coast Guard's operational commanders should be concerned about the expanding number of critical ship- board and airborne systems (including combat, communi- cations, engineering, positioning, navigation, and timing systems) that are networked, interdependent, and vulner- able to cyber attack. We must develop a more holistic view of what constitutes the "network," and commanders must understand that the Coast Guard is not outside the splash zone of the potentially crippling effects of attacks targeted at critical systems. Protecting Maritime Critical Infrastructure and Key Resources Know the Environment The Global Positioning System jammer (a device that blocks, jams, or interferes with communications) constitutes a sig- nifcant threat to our maritime transportation industry. 4 The vast majority of U.S. commerce passes through our ports and waterways, so the maritime industry is especially vul- nerable to these devices and similar cyber threats. Mean- while, port facilities rely on networked computer control systems that span across domains. The Coast Guard, in conjunction with its Department of Homeland Security (DHS) and port partners, must conduct maritime critical infrastructure and key resource (MCIKR) risk assessments that address cyber-related threats, vul- nerabilities, and potential consequences. We must develop awareness of the full scope of port systems and how they are networked throughout ports and terminals. 5 We must also ensure that regulations and maritime security plans identify or address potential cyber-related threats or vulner- abilities. Finally, we must leverage cyber capability to share cyber information among other government entities and our port partners to the same extent that we share other data to support mission success. Be Agile While the Coast Guard has already begun to aggressively address these issues, incorporating these into standard practices necessitates an "all hands on deck" effort, which