Coast Guard Cybersecurity Lessons from the Field

Takeaways

• Unifying a view of public-private mobilization on cyber readiness will be a focus during the NDTA Surface Force Projection Conference (SFPC). 
• US Coast Guard (USCG) lessons learned provide insights on pushing the envelope on community by community cyber readiness.

The NDTA Cybersecurity Committee will be holding sessions with technology providers to accelerate the continued cyber progress of US Transportation Command (USTRANSCOM) and Defense Logistics Agency (DLA) suppliers. Likewise, the Committee supports the united DOD message that will be shared on May 19, 2022, at the NDTA Surface Force Projection Conference. 

The session will be led by the leadership of both the Cybersecurity Maturity Model Certification (CMMC) 2.0 and the Defense Industrial Base Collaborative Information Sharing Environment/Defense Cyber Crime Center (DCISE/D3), and will be moderated by Norfolk’s Captain of the Port, CAPT Sam Stevens, USCG. As CAPT Stevens accurately said in preparation for this upcoming session, “Cyber-readiness can no longer be left to the technical leaders. It’s the job of the mission leaders with those technical leaders as members of our overall team.”

The Cybersecurity Committee puts special attention on drawing best practices from the Coast Guard based on the USCG’s unique role with private sector critical infrastructure owners outside of the DOD’s scope. ADM Jim Loy, USCG, former Commandant of the Coast Guard and founding Deputy Secretary of the Department of Homeland Security (DHS), focused directly on critical infrastructure protection when he guided NDTA’s formation of what became the Cybersecurity Best Practices Committee after 9/11. 

As a component within DHS, the Coast Guard is a part of the Sector Risk Management Agency for ten of the sixteen designated Critical Infrastructures.¹ Consequently, the Cybersecurity Committee will seek insights from each Coast Guard District. For example, Captain of the Port in New York City, CAPT Zeita Merchant, USCG, met with the Committee to prepare an upcoming session and she immediately prioritized cyber readiness. “On the first day of my change of command to Sector New York, the first call I received was regarding a cybersecurity incident with the Colonial Pipeline…This is what I focus on with our port partners: how do we harden our systems and prepare for these threats?” ²

Over the past two years, RADM John Mauger, USCG, facilitated the Cybersecurity Committee’s best practices exchange as the Coast Guard Senior Government Liaison to NTDA’s Board of Directors. As RADM Mauger takes on his next assignment covering the Northeast as Commander of Coast Guard District 1, NDTA looks forward to welcoming RDML (sel.) Wayne Arguin, USCG, as the new Senior Government Liaison. 

During RADM Mauger’s tenure with NDTA’s Board, the Cyber Committee benefited from his previous experience serving under GEN Paul Nakasone, USA, during the standup of the US Cyber Command as Director of Training and Exercises (J7). In that role, RADM Mauger developed joint training and assessment standards and orchestrated over two dozen large-scale exercises for the Cyber Mission Forces, partner nations, interagencies, all Services, National Guard, Reserves, and private industry. In retrospect, RADM Mauger experienced the reality that, “we have to collaborate across agencies and the private sector because we’re defending the democracy against total unconstrained information warfare.” 

In keeping with that threat, the Coast Guard developed the Cyber Protection Team (www.dco.uscg.mil/Our-Organization/CGCYBER/Maritime-Cyber-Readiness-Branch) to help organizations in the maritime transportation system assess network vulnerabilities among partners and harden systems. Cybersecurity and Information Security Agency (CISA) Director Jen Easterly highlighted the Coast Guard’s new Cyber Protection Teams along with other cyber-readiness resources on the CISA website (www.cisa.gov/shields-up) in her unprecedented 3-hour critical infrastructure alert call with 13,000 industry stakeholders.³

Heightened threats raise the need for these Shields Up resources. To quote DIB-Co’s new CEO, “We have no internal IT staff, but my personal priority and my responsibility as CEO is to make sure we’ve recertified every node of our operations against vulnerabilities.”

By Ted Rybeck Chair, Benchmarking Partners, & Chair, NDTA Cybersecurity Best Practices Committee

1. https://www.cisa.gov/critical-infrastructure-sectors
2. https://waterfrontalliance.org/2022/03/24/women-on-the-waterfront-captain-zeita-merchant/
3. https://www.cisa.gov/news/2022/03/22/readout-cisa-call-critical-infrastructure-partners-potential-russian-cyberattacks