This month’s Coast Guard Corner is brought to you by LT Christian Miura, Chief of the Port State Control Branch. If you have recommendations for future topics, we would appreciate your input. See you in the port!
– CAPT Tom Allan
Cyber Security, A New Focus on Maritime Protection
According to a White House Cyberspace Policy Review, industry estimates of losses from intellectual property to data theft in 2008 ranged as high as $1 trillion. In 2010, a Data Breach Investigations Report concluded that 70% of security breaches were caused by external agents, while 90% were the result of deliberate and malicious activity. October 2012 marked the 10th anniversary of National Cyber Security Awareness Month (NCSAM). NCSAM is intended to promote safe online behavior, institute sound cyber security practices to combat threats, and raise awareness of cyber security across the nation.
What is cyber security? Cyber security is the prevention of damage to, unauthorized use of, or exploitation of information and communication systems. It includes the protection of computer systems against unauthorized attacks or intrusion. Why should we care about cyber security in the maritime industry? Cyber systems are considered an integral part of the nation’s critical infrastructure, and are vital to the nation’s economic security. In particular, U.S. port facilities are so crucial to preserving U.S. economic and national security that the Department of Homeland Security (DHS) identified them as one of only sixteen designated sectors of U.S. Critical Infrastructure. According to a recent study published by the Brookings Institution, public and private sectors are increasingly dependent on cyber systems for routine and emergency services. However, efforts to protect these systems remain relatively low.
Robert Mueller, the former FBI Director, recently expressed grave concern that the cyber threat will soon overtake Al-Qaida as the highest priority. The outgoing DHS Secretary, Janet Napolitano, warned a serious cyber attack on the U.S. homeland was highly probable. In order to address this vulnerability, President Obama signed Executive Order 13636 to improve critical infrastructure cyber security, and Presidential Policy Directive 21 to improve critical infrastructure security. These documents direct government agencies to take steps to seek voluntary cooperation from private industries.
While the Coast Guard does not have authority to enforce cyber security requirements on commercial facilities or vessels, the agency is playing a vital role alongside our government and industry partners to improve cyber security awareness. The Coast Guard recognizes the tireless efforts of the maritime community to take proactive measures to address cyber risks. While many actions are underway, below is a series of important actions industry can take now to supplement or initiate cyber security measures:
- Obtain training on cyber security: DHS’ exercises website is an excellent source of basic cyber security awareness training.
- Participate in your local Area Maritime Security Assessments, Plans and Exercises.
- Report cyber incidents to the National Response Center at the NRC website or by calling 1-800-424-8802.
- Become familiar with the DHS Industrial Control Systems Cyber Emergency Response Team website. This site has extensive information, recommended best practices, and assessment tools useful for many organizations, including those that do not use cyber industrial control systems.
- Visit and join the Cyber Security Homeport Community to keep abreast of recommendations with regard to cyber security. Please send an email to firstname.lastname@example.org to request access to this community.
The Coast Guard is committed to raising cyber security awareness and will continue work with our government and maritime partners to address this serious threat.
Featured image photo credit: U.S. Coast Guard photo by Petty Officer 1st Class Lauren Jorgensen