A little sea story: I was on the Ohio River this past winter, and I was with a line boat captain. A line boat is a tug that’s pushing basically an aircraft carrier’s worth of barges in front of it. He’s been doing this for over 40 years. And I said, “See that buoy up there? What if I put in an electronic dot on your chart instead, and we took away that fixed visual aid to navigation?” He said: “You know, I’ve been doing this for so many years, I don’t think I would like that, because that buoy in particular tells me, once it’s on my beam, that this is where I need to start my turn.”
Well, one of the big challenges is domain awareness. What else is going on up there [in the Arctic]? This last year, you had over 200,000 tourists on cruise ships on the Atlantic side of the Arctic – and an Arctic that had traditionally been covered with sea ice, which means what’s below that ice has not been charted. What is the depth? Are there pinnacles or hazards to navigation? Less than 5 percent of that entire domain is charted to 21st century standards.
So our end users are still very dependent upon old technology, but we’re looking at new technology applications that would make our work easier. We want to make sure it doesn’t cause that same aircraft carrier’s worth of barges carrying crude oil to run aground. We need to make sure we’re responsible to the end users of this maritime system.
You also mentioned in your address that one of the tools for helping manage demand on the maritime transportation system would be the Coast Guard’s first “Cyber Strategy,” which was released this past summer.
Right, and there are three components to that. The first is that we need to defend our cyber domain. Following the cyber attacks on the OPM [United States Office of Personnel Management] this summer, there was another rather sophisticated attack that compromised files among the Joint Chiefs of Staff. So we looked at all of our systems within the Coast Guard. I have a team of about 60 folks right now looking at every application that we operate in the cyber domain in the Coast Guard to make sure every one of those are inside a firewall. What we discovered is that all of them were not, and would be vulnerable to a similar attack, which would compromise our ability to operate in the cyber domain. So that’s the first piece, protecting our cyber footprint.
The second is: How do I use cyber offensively? Well, one way we do it is if a vessel is in distress out on the high seas, a distress beacon goes off. In near real time, we get the name of the vessel, its latitude, its position. And it’s all sent in a digital format so we can come to the rescue. It takes the search out of rescue. We do that in law enforcement as well. About six weeks ago, we had six go-fast boats, each of them loaded with nearly a ton of cocaine but dispersed over an area about the size of North America. That includes Canada, the U.S., Mexico, and Central America. And we were able to vector planes and ships, and we were able to nab all six of these – not because I had an armada of ships out there; I had about as many ships as there were go-fasts. But we were able to leverage cyber at a very high end, when it comes to security clearance, and it enabled us to intercept all six of those events.
The third piece of this is our role in protecting the maritime transportation system. And it’s not widely publicized, but over the last seven years, there have been at least six occasions where mobile offshore drilling units drove off their drilling sites. When that happens, there is a blowout preventer, and hopefully that shuts down the well end when that mobile offshore drilling unit drives off. Now why did those drilling units drive off? Because there was a compromise in the control systems that control the thrusters that position them over a well head. They can only move within a very tight radius. Well, in this case, malware was introduced into that control system, and as they were trying to adjust their position over the top of the well, this drilling unit just decided it was going to drive off on its own. These were not cyber-attacks; they were attributed to poor cyber hygiene by the operators of these particular drilling units. But any one of those, had that blowout preventer failed, would have been another Deepwater Horizon type of event. And then it would have received great publicity.
A Coast Guard information systems technician adjusts cables inside a server room at the Telecommunication and Information Systems Command. The Coast Guard’s “Cyber Strategy,” which was released in June 2015, discusses three primary objectives: defending the service’s cyberspace, enabling operations, and protecting infrastructure. U.S. Coast Guard photo by Petty Officer 1st Class Luke Pinneo
But what did happen is that when those drilling units drove off, and those wells were shut in by the blowout preventers, it cost the industry millions of dollars to re-establish operations. So the maritime industry is highly incentivized to prevent acts like that from happening. And the same applies to our container terminals, where much of our maritime commerce goes. About 95 percent of those operations are fully automated.
We saw what happened when an ILWU [International Longshore and Warehouse Union] labor slowdown gridlocked the Port of LA/Long Beach [California] earlier this year. If you had a cyber event, it could do the exact same thing. And we live in a just-in-time inventory environment.
The Coast Guard has identified the Western Hemisphere as its primary operating area, and in your State of the Coast Guard Address and elsewhere, you’ve made the case for stepping up efforts to disrupt the maritime traffic of transnational criminal networks. Since releasing its “Western Hemisphere Strategy” last fall, the Coast Guard and its partners have made 2015 a record-setting year for drug interdictions in the transit zone. How did you pull that off?
Our focus on the Western Hemisphere is a risk position for us, a look at the threat it poses to American national security and our communities. Just over a year ago, we had more Americans dying through drug-related activity, violence, and addiction than die in highway fatalities. We still have a roughly 400-metric-ton-a-year addiction to cocaine alone in the United States, and now heroin is making a resurgence as well. And that’s just on the drug side. The ill-gotten gains of the drug trade have come home to roost in many countries in Central America: Honduras, Guatemala, and El Salvador in particular now have some of the highest violent crime rates in the world. Honduras ranks No. 1 – not because they have ISIL [Islamic State of Iraq and the Levant], but because they have drug trafficking organizations that have come home to roost.
So much of our recent success there I attribute to the tremendous support we get from the national intelligence community. I was involved in many of these counter-drug patrols back in my seagoing days, and back then we would pick an arbitrary point in the water, and we’d steam 20 miles east and 20 miles west of that – a trip wire, if you will – and hope that someone northbound would trip that wire laden with drugs. Last week, one of our national security cutters, on seven consecutive days, was vectored to vessels that were loaded with drugs. So there’s no longer a trip wire. It’s vectoring and directing air and ship assets where we know where this flow is. A lot of that guesswork has been taken out of it. So you may have heard me say in the State of the Coast Guard Address that little over a year ago we had 90 percent awareness of the flow, but our capacity was constrained such that we could only intercept 20 percent. We have made great strides in closing some of those gaps, despite the fact that the Perry-class frigates, which did the Navy’s lion share of that work with Coast Guard law enforcement teams, have now been taken out of service.