The vulnerability of the critical maritime sector to cyber attack, along with a threat landscape “markedly more complex than ever before, posing novel threats to our national security and economic strength and stability,” underscores the need to apply tested risk management principles to guarding the cyber domain, according to the U.S. Coast Guard’s newly updated Cyber Strategic Outlook.
The U.S. Coast Guard’s Cyber Strategy issued in 2015 “established cyberspace as a new operational domain for the U.S. Coast Guard,” noted Commandant Adm. Karl Schultz, and the new outlook “reaffirms that foundation and that we will bring the same ethos, proven doctrine and operational concepts, and over 230 years of experience to bear on our operations in and through cyberspace.”
“The events of the last five years, including the exploitation of U.S. Coast Guard networks and information, the attacks on maritime critical infrastructure, and adversarial efforts to undermine our democratic processes – not just by exploiting networks, but by negatively shaping information – reinforce that cyberspace is a contested domain,” Schultz wrote at the outset of the report. “Working in close collaboration with the Department of Homeland Security (DHS), the Department of Defense (DOD), our government partners, foreign allies, and the maritime industry, we will act to protect the marine transportation system from threats delivered in and through cyberspace and we will hold accountable those who would do our nation harm through attacks on our networks, operations, or the Marine Transportation System (MTS).”
The outlook highlights some key challenges in the cyber landscape: Every 39 seconds a hacker attacks. The average cost of a data breach last year was $3.86 million. In the first half of 2020, 36 billion records were exposed by data breaches. The average time it took to identify a breach was 207 days. The average lifecycle of a breach was 280 days.
More than 500 major operational technology cyber attacks hit the marine industry in 2020. Twenty-five percent of the country’s gross domestic product flows through the Marine Transportation System.
The Coast Guard will “apply the same proven risk management framework” used to confront physical threats to “the prevention and mitigation of cyber risks to the Marine Transportation System… the U.S. Coast Guard’s risk management approach for all hazards and threats is applicable to those delivered in and through cyberspace.”
“Cyberspace is a U.S. Coast Guard operational domain. Modern maritime commerce occurs both on the seas and in cyberspace. We will execute operations, including cyber operations, to protect American commerce and the international rules-based order that has provided wealth and prosperity for the nations of the world,” the outlook says. “The U.S. Coast Guard will hold accountable those who use cyberspace to undermine the security of our nation and the Marine Transportation System.”
Cyber response actions are grouped in three lines of effort: defend and operate the enterprise mission platform (EMP); protect the Marine Transportation System; and operate in and through cyberspace.
In the first line of effort, the establishment of CGCYBER and the “employment of intelligence, operational plans, and objectives into the defense and operation of our EMP enables the U.S. Coast Guard to keep pace with operational requirements.”
Goals are to:
- “Invest, develop, and acquire capabilities to detect, prevent, respond, and be resilient against adversaries who seek to disrupt U.S. Coast Guard operational assets.
- Invest in capabilities – sensors, automation, artificial intelligence, cloud architecture and mobility – to provide a persistently monitored, secure, and resilient environment for U.S. Coast Guard operations.
- Proactively assess and strengthen the cybersecurity of our supply chains, major systems, and information dependent assets to anticipate and remove attack vectors.
- Seek further interoperability with U.S. Cyber Command and the Joint Force, and continue to leverage DOD architecture, intelligence, and information capabilities as a member of the DODIN enterprise.
- Create a capable workforce to detect and defend against adversaries who seek to disrupt U.S. Coast Guard land, sea, air, and space command and control systems.
- Develop and employ cyberspace operational forces trained, ready, postured, and organized to project national and U.S. Coast Guard power in the defense and operation of our networks, systems, and information.
- Develop and implement doctrine and tactics, techniques, and procedures to protect U.S. Coast Guard information and sustain mission outcomes in a contested cyberspace environment.”
The second line of effort “will require prioritization of cyber operations, capabilities, and workforce, alongside partnership with other government agencies and the private sector” to protect maritime transportation that “is inherently both global and commercial.”
“Cyber risk management must involve proactive actions taken by the maritime industry and be overseen by competent authorities,” the outlook continues. “Underpinning these actions are: (1) acknowledgement that information security and the unimpeded flow of information are vital to maritime transportation; (2) persistent monitoring of organizational information as it is generated, manipulated, shared, and stored; and (3) awareness of ever-evolving threats to the maritime transportation sector.”
To protect the MTS, the U.S. Coast Guard aims to:
- “Apply the prevention and response framework for industry to manage cyber risks to maritime critical infrastructure in alignment with national and DHS cyber strategies.
- Refine cybersecurity incident reporting requirements and promote information sharing to improve the ability of owners and operators to prepare for, mitigate, and respond to threats to maritime critical infrastructure.
- Characterize threats through adversary intent and capability and promulgate threat advisories to the maritime community to reduce the unpredictability of cyber incidents.
- Implement a risk based regulatory, compliance and assessment regime, incorporating international and industry recognized industry cybersecurity standards, to manage cybersecurity threat risks to maritime critical infrastructure and promote the lawful exchange of goods and services in the global marketplace.
- Impose cost to those who act to undermine the security of this vital resource.
- Develop expertise in cybersecurity of maritime IT/OT within the U.S. Coast Guard workforce in support of prevention and response activities.
- Field deployable Cyber Protection Teams, interoperable with the DOD Joint Force and DHS, to augment COTPs in the execution of time critical or nationally significant prevention and response activities.
- Deploy CGCYBER forces to oversee, advise, and support a coordinated response in the event of a cybersecurity incident.
- Use the COTP (serving as the Federal Maritime Security Coordinator) to coordinate with federal, state, local, territorial, tribal, and industry partnerships to develop and exercise nested maritime cybersecurity incident response plans under the guidance from AMSCs and other relevant authorities.
- Coordinate with DHS, interagency partners, and partner nations to support maritime cybersecurity capacity building, training, and port security risk management.”
The third line of effort stresses that as the USCG operating environment “has grown increasingly complex,” mission success “depends on secure, unimpeded access to information.”
“Malicious actors apply their limited resources to exploit cyberspace to further their illicit and covert activities driven by: relatively low cost, ease of access, obfuscation of origin, and constrained responses under international law,” the strategy states. “While we mitigate threats to U.S. Coast Guard networks and operations, we will also enhance U.S. Coast Guard missions by conducting operations in and through cyberspace to counter the ability of transnational criminal organizations, hostile nation-states, and unaffiliated criminals to use cyberspace for illicit maritime activity.”
Goals are to:
- “Leverage relationships with the Intelligence Community, DOD, Federal Law Enforcement, and foreign allies to employ intelligence, surveillance, and reconnaissance to illuminate adversaries in cyberspace.
- Equip operational commanders with requisite doctrine and innovative capability to plan, use, and integrate cyberspace and enabling activities into U.S. Coast Guard plans and operations across all missions.
- Field Cyber Mission Teams and Cyber Support Teams, interoperable with the Joint Force and DHS, to conduct full spectrum cyberspace operations.
- Ensure cyber enabling activities and cyberspace operations are embedded into the operational planning cycle at the Area and District levels.
- Extend cyber operations through the electromagnetic spectrum in support of operational commanders.”
Partnerships, intelligence, a skilled workforce, and innovation are key in tackling threats in the cyber domain, the outlook stresses.
“Complex interconnected industries and critical infrastructure, like the MTS, are particularly susceptible to the potentially devastating effects of a cyber attack,” it states. “The U.S. Coast Guard has secured and safeguarded the maritime environment for over 230 years. During that time we have faced many complex challenges. These trials have honed our operating concepts, bolstered our capability, and strengthened our resolve. Working in coordination with foreign allies and partners, we will employ these same concepts and capabilities to secure and protect our nation and maritime critical infrastructure from cyber attacks.”