“The Coast Guard seeks to make sure maritime transportation operations continue safely. Those operations can impact commerce and national security – where the military may rely on the commercial sector and an operational Marine Transportation System to get military materiel to the ports.” The Coast Guard’s 11 congressionally mandated missions were challenging before cyber emerged as a risk, he added, “but technology changes the operating environment and cyber has impacted our missions.

“Cyber is the evolution of how ports and ships operate, and the Coast Guard, industry, and other agencies – local and state government, first responders, etc. – will have to adjust to that. The Coast Guard has been dealing with risk for decades – cyber is just a new element in that. And as industry and technology evolve, so will the Coast Guard,” Wong said. “We have been working to clarify what industry is to report, similar to how they report marine casualties, pollution, and safety issues. We realize the cyber realm is still a bit mysterious to some, so our new guidance is intended to clarify that. The Coast Guard is unique among the uniformed services because we are also regulators, which is the linkage to protecting infrastructure.”

Every government agency has been under constant, daily cyberattacks for years. At the Coast Guard, cybersecurity incidents average from two to four a week – 97 percent related to user behavior. The main types of incidents caused by users are plugging unauthorized USB devices into Coast Guard workstations and unauthorized release of information outside Coast Guard networks. Lt. Cmdr. H. Lars McCarter, director of current operations and the Cybersecurity Operations Center (CSOC), CGCYBER Operations Department, said the “Cyber Strategy” was released because cyberspace needed to be codified within the Coast Guard as a warfighting domain, similar to what the DOD services had done. CGCYBER also is partnered with DHS’ National Cybersecurity and Communications Integration Center (NCCIC), which is tasked with fusing the critical infrastructure problem across the government.

“The Coast Guard understands all of its operations in the air, land, and sea are wholly dependent on IT systems,” McCarter said. Ensuring these systems are available to support operations is in alignment with the defending cyberspace priority of the strategy and the primary mission area of CGCYBER. “CGCYBER’s role is focused on Coast Guard specific systems and networks. We are also looking at ways to support external efforts in alignment with the protecting infrastructure priority,” he explained.

One critical area where the Coast Guard closely aligns to DOD rather than DHS is its information environment, a subcomponent of the DOD information network (DODIN) and connected through it to the internet, making it subject to the same cybersecurity problems facing DOD. Those range from low-level hackers to high-level nation-state actors.

“The vast majority of those are mitigated; the bulk of what makes it through is commodity type malware from external threats,” McCarter said. “We’ve been collecting trend data for a year on cybersecurity incidents and their sources and in excess of 97 percent of all incidents are caused by poor cyber hygiene by Coast Guard users. That ranges from plugging unauthorized devices into the network to using personal email addresses to transmit critical, but not classified, information, which is strictly prohibited.

Because the Coast Guard’s missions include counterterrorism, anti-piracy, national security, and law enforcement against criminal organizations, it and its stakeholders potentially face greater danger of cyber-attack than other potential U.S. targets.

“But our No. 1 technical risk is someone within the Coast Guard clicking on phishing emails, which is currently the easiest way for hackers to get in. At first, we saw that activity at all levels, from the flag level down. But now we see it mostly at the junior or newly joined level, many of whom have not yet received training on basic cyber hygiene. The vast majority of our cybersecurity problems have been routine, although we have had some critical activity, which is dealt with much more aggressively.”

Because the Coast Guard’s missions include counterterrorism, anti-piracy, national security, and law enforcement against criminal organizations, it and its stakeholders potentially face greater danger of cyber-attack than other potential U.S. targets.

“Those certainly are threats that concern us, from nation-states to criminal organizations to individual and small group actors. The Coast Guard poses a threat to them, so we have to recognize that as we plan for future dealings with them, and understand the future potential of a critical threat there,” McCarter said.