Some of those assets, such as the Medium-Endurance
Cutter, are more than 40 years old and have become
very expensive to update and difficult to patch simple
The newer assets, such as the National Security Cutter,
have security concerns as well. The contract for them was
signed in the late 1990s, when the service was not focusing on cyber security as much as it does now, Dickey said,
and it now is playing catch-up to properly defend its
information systems against current threats.
The amount and types of information and data the
service was expecting the ships to be able to handle
when they were being planned are nothing compared
to what they must process now. And as technology and
capabilities of the information systems have improved,
so too have the threats.
“Our newest ships I am most concerned about,” he
As the next generation of cutters, such as the
Offshore Patrol Cutter, comes online, Dickey said he
hopes they will be better equipped with information
security defenses than the previous generation.
The effort to stress to senior leaders the importance
of cyber-security measures was illustrated in testimony
from the commandant, ADM Paul F. Zukunft, during a
Feb. 25 House Transportation and Infrastructure Coast
Guard and maritime transportation subcommittee hearing when he said he will bring special focus to enhancing the service’s internal information technology security and promote cyber security within ports.
“In 2016, we will remain in lockstep with other
components of DHS and DoD [Department of Defense]
efforts to enhance cyber security to defend our own
network and work with port partners to protect mar-
itime critical infrastructure and operators,” he said.
The Coast Guard continues to study cyber-security
measures that need to be taken in the future to
improve the force.
The C4ISR&IT Strategic Plan that was released in
February focused on five main goals: cyberspace opera-
tions, efficient information management, technology and
innovation, governance and organizational excellence.
Among its priorities were attracting high-caliber
information technology professionals; defining, implementing and enforcing standards for supportable and
enterprise-wide C4ISR&IT systems; enabling information sharing; and improving the Coast Guard’s ability
to detect and respond to C4ISR&IT incidents
It was built upon recommendations put forth by the
C4ISR&IT Resource Council. The plan will be updated
“As cyber threats continue growing and present
major challenges to the organization, we must improve
our defensive posture while developing strategic offensive capabilities,” the strategy said.
Another aspect of cyber security is protecting the U.S.
ports and maritime community. CAPT Andrew E. Tucci,
chief of the office of port and facility compliance, said
his responsibility extends to cyber security as it applies
to the marine transportation system and the world of
commercial shipping at ports and facilities.
“Cruise ships, container terminals, oil tankers, liquefied natural gas tankers, anything that floats and anything
that’s on the waterfront I am in charge of,” he said.
Calling cyber attacks another vulnerability that the
Coast Guard has to be prepared for, Tucci said the service is seeing an increasing number of incidents.
“The Coast Guard is taking a comprehensive look at
this,” he said.
Over the last several years, Tucci said he has seen a
drug smuggling operation hack into a container terminal computer system overseas, and attacks on Global
Positional Systems on vessels, terminals and cargo
cranes. There also have been instances of commercial
ships with advanced networks on them acting as
points of operation for cyber crime.
Cyber attacks on ports have implications for trade
as they could, conceivably, shut down a port complex
or disrupt shipping. There are lower-level threats as
well, such as a port worker accidently clicking on a
dangerous link, or software updates being done incorrectly, that can compromise a system.
“We talk about cyber security, but it’s also a safety issue
as there is equally likelihood of a simple accident, bad programming, improper use of the system, as there is of an
attack [by] an advanced persistent threat,” Tucci said. ;
Petty Officer 3rd Class David Twine, a machinery technician at Coast Guard Station Cape May, N.J., stands watch
surrounded by an array of computer monitors Aug. 27 at
the station. The Coast Guard released the “Command,
Control, Communications, Computers, Intelligence,
Surveillance, Reconnaissance and Information Technology
Strategic Plan for Fiscal Years 2015-2019” as part of a
comprehensive cyber security strategy.