On June 16,
2015, the U.S. Coast Guard issued its Cyber Strategy. The document may be found at http://www.uscg.mil/seniorleadership/DOCS/cyber.pdf.
The document
opens with a sobering statement of the problem: “Cybersecurity* is one of the
most serious economic and national security challenges we face as a Nation.
Government systems—including Coast Guard systems—face a mounting array of
emerging cyber threats that could severely compromise and limit our Service’s ability
to perform our essential missions.” “In the digital age…there is no strategic
objective the Coast Guard can adequately meet—or operational mission the Coast
Guard can fully perform—without a robust and comprehensive cyber program.*”
The asterisks
link to definitions, and this document gives us a good range of definitions of
cyber-related terms. Definitions, so
important to the MTSA community, are found in Appendix I, and definitions
sources are from a variety of documents and explain many cyber-related terms,
including:
Cybersecurity breach – Unauthorized
access to data, applications, services, networks and/or devices, by-passing their
underlying security mechanisms. A cybersecurity breach that may rise to the
level of a reportable Maritime Transportation Security Act (MTSA) security
breach occurs when an individual, an entity, or an application illegitimately
enters a private or confidential Information Technology perimeter of a
MTSA-regulated facility or vessel, Maritime Critical Infrastructure/Key
Resources, or industrial control system such as Supervisory Control and Data
Acquisition systems, including but not limited to terminal operating systems,
global positioning systems, and cargo management systems.
Reproduced
in its entirety below is the Executive Summary. Port security stakeholders are
encouraged to read the entire document.
The Coast
Guard is committed to ensuring the safety, security, and stewardship of our
Nation’s waters. This
commitment requires a comprehensive cyber strategy that provides a clear
framework for our
overall mission success.
Cyber
technology has fueled great progress and efficiency in our modern world. Coast
Guard operations
are more effective because of the rapid evolution in cyber technology, and
advanced technologies
have also led to an unprecedented era of efficiency of the Maritime
Transportation System
(MTS). However, with these benefits come serious risks. Information and its
supporting systems are
continually attacked and exploited by hostile actors. Foreign governments,
criminal organizations,
and other illicit actors attempt to infiltrate critical government and private
sector information
systems, representing one of the most serious threats we face as a nation.
As the Coast
Guard relies on modern digital information and communications systems to
execute its
missions, the Service must defend against those who threaten them. The Coast
Guard must also build
and sustain an operational advantage in cyberspace to ensure optimal
integration of information
and intelligence with our operations. Moreover, the Coast Guard must lead the
effort to protect
maritime critical infrastructure from a broadening array of cyber threats.
To fully
ensure the Coast Guard is able to perform its essential missions in the 21st
Century, it must fully
embrace cyberspace as an operational domain. To this end, the Coast Guard will focus on three
specific strategic priorities in the cyber domain over the next ten years:
• Defending Cyberspace
• Enabling Operations
• Protecting Infrastructure
Defending
Cyberspace: Secure and resilient Coast Guard IT systems and networks are
essential for overall
mission success. To ensure the full scope of Coast Guard capabilities are as
effective and
efficient as possible, the Coast Guard must serve as a model agency in
protecting information infrastructure
and building a more resilient Coast Guard network.
Enabling
Operations: To operate effectively within the cyber domain, the Coast Guard
must
develop and
leverage a diverse set of cyber capabilities and authorities. Cyberspace
operations, inside and
outside Coast Guard information and communications networks and systems, can
help detect,
deter, disable, and defeat adversaries. Robust intelligence, law enforcement,
and maritime and military
cyber programs are essential to enhancing the effectiveness of Coast Guard
operations, and
deterring, preventing, and responding to malicious activity targeting critical
maritime infrastructure.
Coast Guard leaders must recognize that cyber capabilities are a critical
enabler of success
across all missions, and ensure that these capabilities are leveraged by
commanders and decision-makers
at all levels.
Protecting
Infrastructure: Maritime critical infrastructure and the MTS are vital to our
economy,
national security, and national defense. The MTS includes ocean carriers,
coastwise shipping
along our shores, the Western Rivers and Great Lakes, and the Nation’s ports
and terminals.
Cyber systems enable the MTS to operate with unprecedented speed and
efficiency. Those same
cyber systems also create potential vulnerabilities. As the maritime
transportation Sector
Specific Agency (as defined by the National Infrastructure Protection Plan),
the Coast Guard must
lead the unity of effort required to protect maritime critical infrastructure
from attacks,
accidents, and disasters.
Ensuring
Long-term Success: In support of the three strategic priorities, this Strategy
identifies a
number of cross-cutting support factors that will ensure the Coast Guard’s
long-term success in
meeting the Service's strategic goals in the cyber domain. These include:
(1)
recognition of cyberspace as an operational domain,
(2)
developing cyber guidance and defining mission space,
(3)
leveraging partnerships to build knowledge, resource capacity,
and an
understanding of MTS cyber vulnerabilities,
(4) sharing
of real-time information,
(5)
organizing for success,
(6) building
a well-trained cyber workforce, and
(7) making
thoughtful future cyber investments.