The commandant of the Coast Guard says cyber “is going to be a domain as natural as breathing” that offers a host of challenges to the private and public sector, and the first step in meeting those challenges is understanding “the need to defend your cyber space.”
Speaking Tuesday at the Center for Strategic and International Studies, a Washington think-tank, Adm. Paul Zukunft said because his service works across a number of domains (.gov, .mil, .com, .edu) protecting the Coast Guard’s cyber space “comes down to cyber hygiene.”
He noted that even simple things such as recharging a cell phone can compromise security. Zukunft said his 70-person cyber command works constantly to create a patch to cover the breach and “stay one step ahead” of hackers.
“We are one and all cyber operators,” Zukunft said in explaining the Coast Guard’s cyber strategy. “Protecting our cyber domain is a top requirement for me as commandant. We need to do more with training” the 88,000 civilian and uniformed members of the Coast Guard, and that could include re-visiting Internet training. “Our workers need to have a better understanding” of how to practice cyber hygiene.”
Zukunft added that this understanding of the ground rules also makes workers accountable for what they do. “We’re very good at monitoring our systems.”
“The real challenge is, you end up with a single point of failure. See what (Edward) Snowden did” deliberately in leaking large amounts of classified National Security Agency data.
And the single point of failure is not restricted to the actions of individuals, he said. Using GPS as an example, he said it “is a key enabler” to critical infrastructure in the transportation, energy, and financial sectors.
Cyber is a critical enabler in Coast Guard operations. He said it played an invaluable role in the recent interception of six go-fast vessels operating in an area equivalent in size to North America “and removed over four tons of cocaine in 36 hours” through the cooperation of the intelligence community and regional partners.
“What do you do with awareness?” He said the Coast Guard has a “strong lash-up” with the Defense Department’s Cyber Command, Department of Justice, and its own department—Homeland Security—that applies to law enforcement, maritime safety and security.
The service also relies heavily on cyber in search-and-rescue missions and disaster response, such as the Deep Water Horizon spill in the Gulf of Mexico, and potential accidents in far northern ocean drilling.
Zukunft said the Coast Guard also works to protect outward-looking infrastructure in the maritime arena such as ports. He described the ripple effect of a work slowdown at West Coast ports by longshoremen three months ago that disrupted manufacturing timetables in the United States and Europe because their “just-in-time” supply chain had been slowed.
That manmade event also drew attention to the vulnerability of automated systems to cyber attack and the disruptions that could cause. “What is the likelihood of this happening? We have Sony, now OPM (Office of Personnel Management).”
By 2020 and with a widened Panama Canal, the United States is expected to be an exporter of liquefied natural gas to countries around the Pacific Rim and also to Europe, becoming a direct competitor with Russia for that market.
Hypothetically, that competition could escalate beyond market share.
But in any case, “determining who was the sender” of a cyber attack is “not necessarily a black and white” issue. In which case, “What do you do about it?” becomes a question of great importance.
He said that he has been working with American maritime businesses and other maritime nations in explaining the threat and steps they can take to protect themselves, disseminating best practices, setting standards, and sharing information with each other and government agencies yet remaining anonymous. Because speed is important in reaching agreements in these broad areas, “this [effort] will probably be led by industry,” because it needs to determine the need for cyber liability insurance to operate in the future.
Zukunft said, “This isn’t Chicken Little saying the sky is falling.”
As for the future impact of cyber on Coast Guard personnel, he said, “I’m in the recruit, retain business now,” and noted that he wants to make his cyber command a program of record. He said industry exchange programs “with tech-savvy companies” will keep the service current and answer “How do we develop the next generation?” of its cyber force.
For those men and women working in the Coast Guard’s cyber command, it also means that they will not be leaving those positions in three or four years and taking a totally different assignment. Their expertise needs to remain up-to-date because cyber’s uses and challenges change so rapidly, he said.