US Coast Guard Addresses Maritime Cybersecurity Issues
By Glynn Cosker
Editor, In Homeland Security
The United States Coast Guard fielded questions from maritime security experts and officials Jan. 15 during a Maritime Cybersecurity Standards Public Meeting held at the U.S. Department of Transportation Headquarters in Washington, D.C.
Captain Andrew Tucci, of the U.S. Coast Guard’s Office of Port & Facility Compliance opened and closed the 3-hour proceedings that featured a list of high-ranking officials from various sectors including the military, cybersecurity and other security fields.
Silicon Valley isn’t the only place affected by high-tech hackers in today’s cyber world. The maritime industry is centuries old, but that doesn’t make it immune to the risks posed by cyber-attacks. Criminals have the means to take over a ship, change container numbers, or even close a major port—and the Coast Guard is employing a proactive approach to the problem.
Maritime cybersecurity awareness is high considering that most products and goods enter and exit our ports on a daily basis. There are many national strategic-planning cybersecurity events scheduled this year, including the Maritime Cyber Security Learning Seminar and Symposium at CCICADA from March 2 to 3, 2015. American Military University (AMU) is partnering with Rutgers University to co-sponsor that event, and In Homeland Security will cover it.
“The Coast Guard has a long, proud history of protecting our coasts, our maritime interests and American waters from all manners of hazards and threats. Cybersecurity is one of those threats, and we need to figure out the best way to address those threats,” stated Captain Tucci. “We may not be successful today at protecting cyber events as we have been to date on physical events, but if an attack does occur, then how do we respond and recover from that?”
That question is paramount in light of recent high-profile and potentially embarrassing national and international hacks and cyber-attacks, some of which captured the world’s attention.
“Cybersecurity is critical to everything we do,” stated Coast Guard Rear Admiral Marshall Lytle. “Just as we’ve seen recently with Sony, the hacks on [CENTCOM’s] Twitter and YouTube accounts this week, the German steel mill that was hacked last month—all cyber incidents—and all affecting businesses and their bottom line.”
Brett Rouzer, Chief of Maritime Critical Infrastructure and Key Resources Protection USCG Cyber Command, addressed the major threat of hacking and other attacks, particularly on maritime interests: “Cybersecurity is a national priority; it is directly responsible for the success of our national economy as well as our national security.”
Rouzer stated that an astonishing 95 percent of all U.S. overseas trade travels through 360 ports, carrying more than $1.3 trillion in annual cargo. With those kind of statistics, protecting our ports and shipping channels is of extreme importance.
Cybersecurity is a safety issue…Every ship built has software that manages its engines; and that software is updated while the vessel is underway from the beach, and the Master doesn’t even know that the software is being updated.” – Rear Admiral Paul Thomas, U.S. Coast Guard.
An open forum for questions from guests followed the presentations by each military and cybersecurity expert. Questions ranged from softer inquiries such as social media’s role in maritime cybersecurity to more hard-hitting and though-provoking inquiries like the one from Caitlyn Stewart of The American Waterways Operators.
“It would be helpful for the Coast Guard to more clearly articulate about what it believes to be the most significant cybersecurity risks facing the maritime industry,” opined Stewart. “A sector-specific assessment could result in a more productive collaboration with the industry and ultimately more effective protection of maritime infrastructure.”
Other attendees to Thursday’s U.S. Coast Guard Maritime Cybersecurity meeting included Coast Guard Vice Admiral Charles D. Michel; Barry Westreich, Director, Cybersecurity Directorate for the Nuclear Regulatory Commission; Neil Hershfield, Deputy Director of Industrial Control Systems Cyber Emergency Response Team (ICS CERT); and Matthew Barrett of the National Institute of Standards and Technology (NIST).