Report: Lax cybersecurity at U.S. ports
The nation’s ports are vulnerable to cyberattack due to a lax cybersecurity culture, according to Cmdr. Joseph Kramek, who worked as a fellow at the Brookings Institution and is a Coast Guard judge advocate. He issued the report in early July.
For more on the report read here
Coast Guard Cyber Command stands up officially Aug. 2 in Alexandria, Va., but it’s been slowly expanding its mission over the past four years.
On the eve of this latest milestone, its top officer is planning ways to strengthen the service against impending cyber threats, better educate Coasties and grow his force.
“We started with five of us,” said Rear Adm. Robert Day.
Now they are a 23-person core team tasked with safeguarding a network serving about 45,000 Coasties, plus 20 or so Coast Guardsmen serving in joint billets at U.S. Cyber Command and several within the Department of Homeland Security.
There also are 50 to 60 other Coasties scattered in other units across the service who have cyber-related tasks, but they aren’t part of Day’s command.
He hopes to change that, adding half of those billets to Cyber within the next year. Eventually, he wants all to fall under the command.
So what do members of Coast Guard Cyber Command do?
If you’ve tried charging your smartphone in a USB port at work, odds are you’ve already found out.
The command, within the last year, rolled out a host-based security system that raises an alert any time a rogue device attempts to connect with the Coast Guard network.
A fair share of alarm triggers are due to bad habits, Day said.
“We’ve known for almost five years now that you shouldn’t stick a USB drive into your computer,” Day said, “yet day in and day out, we still see it.”
These personal devices could introduce potential threats or viruses to the Coast Guard network.
If the alarm is sounded, members of Day’s Cyber Security Operations Center can immediately respond, turning off the computer and catching the Coastie. He or she can expect a call from Cyber Command within 10 minutes, Day said, instructing them to stop that practice.
Cyber Command encounters as many as 300 people per month using their work computers’ USB ports to charge their smartphones, and people also try to connect their personal laptops to the Coast Guard network, Day said.
Cyber is stepping up awareness efforts in the service to change the culture and better educate Coasties about the risks. It has made cybersecurity lessons engaging, by including a game as part of the training. Day also has contracted with companies to improve cyber awareness.
As part of its mission, Cyber Command is in charge of upholding cybersecurity standards for the service and sharing the information with the nation’s ports.
“We’ve got to treat this stuff extremely seriously because it is such a mission enabler,” Day said. “The C4IT [command, control, communications, computers and information technology] systems that are out there are absolutely critical to operations. You turn them off or they are degraded and missions don’t get done.”
Key to this will be more detailed training that goes beyond the basic lessons already provided, Day said. He hopes further training can roll out within two to five years.
Boarding officers, for example, will learn to better assess the cyber value of computers, GPS units and other devices carried by drug smugglers or pirates in interdictions, he said. Coasties can recover valuable information from those devices that will help them understand the criminal operations.