Thursday, June 18, 2015

Coast Guard Releases Cyber Strategy

On June 16, 2015, the U.S. Coast Guard issued its Cyber Strategy.  The document may be found at http://www.uscg.mil/seniorleadership/DOCS/cyber.pdf.  

The document opens with a sobering statement of the problem: “Cybersecurity* is one of the most serious economic and national security challenges we face as a Nation. Government systems—including Coast Guard systems—face a mounting array of emerging cyber threats that could severely compromise and limit our Service’s ability to perform our essential missions.” “In the digital age…there is no strategic objective the Coast Guard can adequately meet—or operational mission the Coast Guard can fully perform—without a robust and comprehensive cyber program.*”

The asterisks link to definitions, and this document gives us a good range of definitions of cyber-related terms.  Definitions, so important to the MTSA community, are found in Appendix I, and definitions sources are from a variety of documents and explain many cyber-related terms, including:
Cybersecurity breach – Unauthorized access to data, applications, services, networks and/or devices, by-passing their underlying security mechanisms. A cybersecurity breach that may rise to the level of a reportable Maritime Transportation Security Act (MTSA) security breach occurs when an individual, an entity, or an application illegitimately enters a private or confidential Information Technology perimeter of a MTSA-regulated facility or vessel, Maritime Critical Infrastructure/Key Resources, or industrial control system such as Supervisory Control and Data Acquisition systems, including but not limited to terminal operating systems, global positioning systems, and cargo management systems.

Reproduced in its entirety below is the Executive Summary. Port security stakeholders are encouraged to read the entire document.

The Coast Guard is committed to ensuring the safety, security, and stewardship of our Nation’s waters. This commitment requires a comprehensive cyber strategy that provides a clear framework for our overall mission success.

Cyber technology has fueled great progress and efficiency in our modern world. Coast Guard operations are more effective because of the rapid evolution in cyber technology, and advanced technologies have also led to an unprecedented era of efficiency of the Maritime Transportation System (MTS). However, with these benefits come serious risks. Information and its supporting systems are continually attacked and exploited by hostile actors. Foreign governments, criminal organizations, and other illicit actors attempt to infiltrate critical government and private sector information systems, representing one of the most serious threats we face as a nation.

As the Coast Guard relies on modern digital information and communications systems to execute its missions, the Service must defend against those who threaten them. The Coast Guard must also build and sustain an operational advantage in cyberspace to ensure optimal integration of information and intelligence with our operations. Moreover, the Coast Guard must lead the effort to protect maritime critical infrastructure from a broadening array of cyber threats.

To fully ensure the Coast Guard is able to perform its essential missions in the 21st Century, it must fully embrace cyberspace as an operational domain. To this end, the Coast Guard will focus on three specific strategic priorities in the cyber domain over the next ten years:
•             Defending Cyberspace
•             Enabling Operations
•             Protecting Infrastructure

Defending Cyberspace: Secure and resilient Coast Guard IT systems and networks are essential for overall mission success. To ensure the full scope of Coast Guard capabilities are as effective and efficient as possible, the Coast Guard must serve as a model agency in protecting information infrastructure and building a more resilient Coast Guard network.

Enabling Operations: To operate effectively within the cyber domain, the Coast Guard must
develop and leverage a diverse set of cyber capabilities and authorities. Cyberspace operations, inside and outside Coast Guard information and communications networks and systems, can help detect, deter, disable, and defeat adversaries. Robust intelligence, law enforcement, and maritime and military cyber programs are essential to enhancing the effectiveness of Coast Guard operations, and deterring, preventing, and responding to malicious activity targeting critical maritime infrastructure. Coast Guard leaders must recognize that cyber capabilities are a critical enabler of success across all missions, and ensure that these capabilities are leveraged by commanders and decision-makers at all levels.

Protecting Infrastructure: Maritime critical infrastructure and the MTS are vital to our
economy, national security, and national defense. The MTS includes ocean carriers, coastwise shipping along our shores, the Western Rivers and Great Lakes, and the Nation’s ports and terminals. Cyber systems enable the MTS to operate with unprecedented speed and efficiency. Those same cyber systems also create potential vulnerabilities. As the maritime transportation Sector Specific Agency (as defined by the National Infrastructure Protection Plan), the Coast Guard must lead the unity of effort required to protect maritime critical infrastructure from attacks, accidents, and disasters.

Ensuring Long-term Success: In support of the three strategic priorities, this Strategy
identifies a number of cross-cutting support factors that will ensure the Coast Guard’s long-term success in meeting the Service's strategic goals in the cyber domain. These include:
(1) recognition of cyberspace as an operational domain,
(2) developing cyber guidance and defining mission space,
(3) leveraging partnerships to build knowledge, resource capacity,
and an understanding of MTS cyber vulnerabilities,
(4) sharing of real-time information,
(5) organizing for success,
(6) building a well-trained cyber workforce, and

(7) making thoughtful future cyber investments.

Friday, June 12, 2015

TSA Posts Notice Regarding Resolution of Delays in Processing TWIC Cards, with Caveat

On June 12, 2015, the Transportation Security Administration posted the following notice at http://www.tsa.gov/stakeholders/transportation-worker-identification-credential-twic:

1) UPDATED! TWIC Processing Delays: The previously announced delay in processing some TWIC applications has been resolved.  Most applicants will receive a TWIC within a month of enrolling, and often in about two weeks.  However, despite progress in reducing processing delays for the small number of applicants whose criminal or immigration records indicate that they may not be eligible for a TWIC, those applicants may still experience a two-and-a-half month wait before receiving a TWIC or notification from TSA.
To ensure all eligible applicants receive a new or renewal TWIC before it is needed for work we continue to strongly encourage all applicants to apply for their TWIC at least 10 to 12 weeks prior to when the card will be required to avoid inconvenience or interruption in access to maritime facilities.

_______________________________________________________

Takeaways from this notice: applicants with anything in their background that might result in a application refusal on criminal history or immigration grounds may still experience a lengthy delay.  It remains to be seen if persons with clean backgrounds continue to experience lengthy delays.  Employers would be well-served to take TSA’s advice and assume that the application process will take 10 – 12 weeks.


The only way to find out if anything new has been posted on the TSA TWIC website is to check it daily.  At the bottom of the site is a revision date.  If this date has changed, new material has been added.  Do not rely on the NEW!  verbiage on notices because TSA does not remove this on a timely basis.