Proceedings Winter 2014 – 2015
NRC if these organizations receive some tangible beneft
from reporting. It is the duty of the public sector, including
elements at all levels of government, to establish response
plans to cyber incidents so recovery plans are in place. Suc-
cessful mitigation and recovery will lead to future report-
ing, which better arms the government with information
about attacks. This reporting and recovery cycle continues
to feed itself, creating the best scenario for the most up-to-
date threat information, combined with the best possible
tools to respond to such threats.
Although it remains perceptibly different from physical
security in the eyes of many in the emergency preparedness
communities, cybersecurity follows all the same require-
ments when it comes to recovery. Instead of framing cyber
as its own problem with its own solutions, it is necessary for
local communities to address the issue head-on and compre-
hensively, knowing that cyber insecurities can create physi-
cal problems. Without preparing for the future effectively,
we will simply be unsuccessful when it comes to recovery.
About the author:
Mr. Weston R. Laabs is an intelligence operations specialist at U.S. Coast
Guard Sector Lake Michigan. In this capacity, he functions as the sector
intelligence staff cybersecurity specialist. Prior to this position, he served
as an intelligence analyst with the Michigan Intelligence Operations Cen
ter, Michigan's DHSsponsored fusion center. He holds a master's degree in
law enforcement intelligence and analysis and a bachelor's degree in interna
tional relations from Michigan State University.
A hacktivist is a computer hacker whose activity is aimed at promoting a social
or political cause.
Cyber Security and the Marine Transportation System (MTS). ALCOAST 122/14. Wash-
ington, DC: U.S. Coast Guard, 2014. Available at www.uscg.mil/announcements/
The Maritime Transportation Security Act of 2002.
Available at www.gpo.gov/fdsys/pkg/PLAW-107publ295/pdf/PLAW-107publ295.
immediately causing the audience to tune out is to relay
cyber as a method, not a target.
Cyber incident reporting needs to be secured and han-
dled separately than other suspicious activity reports. The
Department of Homeland Security has time-tested abilities
to receive and report on cyber-specifc incidents without
compromising public trust of the reporting organization.
Actionable intelligence is not derived from the name of
a victim; instead, the bad actor's tactics, techniques, and
procedures are the real substance of any report. Specifc
attacking IP addresses, intrusion methods, and malware
flenames, and hashes are extremely useful to organiza-
tions trying to secure systems from attack. Assuring timely
actionable technical information reporting related to cyber
attacks will offer cross-sector personnel the best chance to
mitigate the same or similar attacks against their own net-
Cyber crime is not going away. In the homeland security
and emergency management worlds, there are constant
responses to new threats and challenges, including radia-
tion detection equipment, anthrax awareness, and active
shooter training. All have been recently promoted as neces-
sities to improve resilience among frst responder communi-
ties. However, unlike these evolving threats and challenges,
cybersecurity is deeply interwoven into almost all aspects
of life. From our basic utilities to our communications plat-
forms, all are dependent upon functioning cyber platforms.
As cyber continues to grow in importance, investing in its
security is the best chance we have to remain one step ahead
of the criminals and hacktivists attempting to uproot the
system. Therefore, to keep up with emerging cyber technol-
ogy and threats, constant interaction between the public and
private sectors is critical, but cannot remain as one-sided as
it has in the past. MTSA-regulated and other critical infra-
structure facilities will only report cyber breaches to the