The Coast Guard plans to unveil a new cyber security strategy within the next month that focuses on protecting not only Coast Guard networks and systems from cyber attacks, but also the country's 3,600 sea ports and facilities, and the ships they serve.
Coast Guard Commandant Adm. Paul Zukunft said in an interview the strategy will outline authorities and requirements for the shipping firms and port facilities the Coast Guard is charged with protecting under the Maritime Transportation Security Act of 2002.
Zukunft said many major U.S. ports are nearly fully automated. "So they are vulnerable to a cyber attack, depending on what safeguards they've put in place. There's no requirement for them to do so and there's no universal standards," he said.
"One challenge that remains is complacency, that 'no one would want to penetrate my system.' And so that's where having authorities and requirements would be in our nation's best interest," he said.
Under the strategy, which is undergoing review now by numerous stakeholders, the Coast Guard would work closely with the Homeland Security Department and the U.S. Cyber Command to determine whether maritime-related cyber events constitute an attack and, if so, by whom.
"If a [container terminal] facility operator says, 'For whatever reason, the gantry's not working today' – about 95 percent of it is automated – you know, it can't find that container. And then another facility operator says, 'I've got the same thing going on.' Well, we can push that up to a national level, and perhaps we push it over to [U.S. Cyber Command] and say, 'Is this privately or is this state-sponsored activity that we're seeing taking place?'" Zukunft said.
Another point of vulnerability is the maritime industry. The engines on modern maritime ships are often monitored and controlled remotely from shore-based facilities thousands of miles away to ensure engine efficiency. This makes them possible cyber targets, he said.
"The challenge right now is you've got some shipping companies that are fully invested in cyber and others perhaps a little bit complacent," he said, adding that 90 percent of U.S. commerce moves by sea.
Other areas of focus for the Coast Guard's relatively small cyber command under the new strategy will be protecting Coast Guard cyber assets, building situational awareness to cyber events, building resiliency to attacks within its operations, and outlining responses to cyber attacks, Zukunft said.
"It's a whole new domain and rules of engagement. When you think cyber, it's electronic warfare, but it's not against competing militaries," he added. "So that's the role of the Coast Guard because we operate in the dot-gov, dot-com and dot-mil domains when it comes to protecting infrastructure."