Vice Adm. Chuck Michel Unveils US Coast Guard Cyber Strategy, Saying His Agency Can Be “Napoleon on a White Horse” in Countering Threats
Read related articles:
For most of human history, military defense strategy has been built around a higher castle wall, a deeper moat, or a taller fence.
But today, invisible attacks can come from anywhere in the world at close to light speed, swiftly disabling large ships and cargo ports. Such is the speed and unpredictability of online cyber attacks that even up-to-date “firewalls” can be breached.
“This is not about building an 11-foot fence so they (our adversaries) can build a 13-foot ladder,” Vice Admiral Chuck Michel, US Coast Guard Deputy Commandant for Operations, told an audience of maritime transportation and cyber security experts at the March 3, 2015, Maritime Cyber Security Symposium held at Rutgers University. “This is a world that moves at (cyber-) machine speed. This is the world of the quick and the dead.”
For the first time in its history, Vice Adm. Michel said, the US Coast Guard finds itself operating in a totally new domain. The last new domain in military history was the advent of aircraft bombers and fighter planes in WW II.
Michel surprised many in the audience with a sneak preview of the Coast Guard’s draft Cyber Security Strategy, designed to protect the nation’s vast and interconnected maritime transportation system. This system comprises giant swaths of land and sea, not to mention ports, ships, and thousands of cyber-dependent, “just-in-time-delivery” commercial enterprises.
“Today, I have the pleasure of sharing the first public preview of the Coast Guard’s Cyber Strategy. The strategy has not yet been signed but is very near completion and will be the Coast Guard’s first cyber strategy ever,” Michel said in his keynote address.
He said the new cyber strategy can be “organizing principle” tying together the Coast Guard’s many roles, including law enforcement, regulation, and intelligence. Once approved, the strategy can provide a road map for all groups with a stake in protecting the maritime domain from cyber threats. Michel said he believes the US Coast Guard can and should lead the way in this endeavor.
“If we can get this right in the maritime realm, we can get it right in a whole bunch of other realms,” Michel said, noting that his agency has an opportunity to be “Napoleon on the white horse,” leading the nation’s maritime cyber-security enterprise. He added: “I want us to be the exemplar, the template.”
The March 3 symposium and an earlier learning seminar were the nation’s first such gathering on the topic of maritime cyber security. The organizers, the homeland-security research group CCICADA and the American Military University, hoped to start a robust national dialogue on how to identify maritime cyber threats and develop strategies to mitigate them. Symposium speakers agreed that government and industry at all levels are ill-prepared to deal with this threat.
“Many participants said the symposium was a landmark event in the development of maritime cyber-security awareness,” said CCICADA Director Dr. Fred Roberts. “Vice Admiral Michel’s decision to unveil the Coast Guard’s new cyber strategy underscored the importance of this event.”
A trend that makes attacks on digital networks of critical infrastructures especially worrisome is the entrance of adversarial nation states as cyber-terror sponsors. Michel cited the recent example of Iran’s cyber attack on the Sands Casino.
Deputy Commandant Michel outlined three cyber-strategy priorities for the US Coast Guard: 1) defending cyberspace, 2) enabling operations, and 3) protecting infrastructure.
A critical lynchpin of these priorities, he said, is US Coast Guard approval of cyber space as an operational domain.
Michel listed goals for the each of the three proposed cyber-security strategies.
To defend cyber space, he said, it is necessary to 1) identify and harden systems and networks vulnerable to attack, 2) understand and counter cyber threats, and 3) increase operational resilience in the event of successful attacks.
To enable operations, Michel said, the new policy must incorporate cyber space operations into the planning and execution of all US Coast Guard missions. In addition, the Coast Guard must deliver cyber capabilities to enhance these missions.
To protect the nation’s maritime infrastructure, he said, all potential risks must be assessed. The first step is to promote cyber-risk awareness and management at all levels of Coast Guard operations. The final step is prevention— reducing cybersecurity vulnerabilities throughout the maritime transportation system.
To accomplish its goals, the Coast Guard must look beyond equipment and computer architecture to the human element. Michel said developing a well-trained, cyber-security workforce is the single greatest challenge facing the Coast Guard – making cyber security a viable career path within agency and keeping trained Coast Guard cyber security experts from moving to the private sector where they can earn a larger salary.
Private Industry on Board
In its role as the regulator of the nation’s maritime domain, Michel cautioned, the Coast Guard must be careful not to impose too heavy a burden on the people and businesses it regulates, from mom-and-pop fishing operations all the way up to massive ports and container ships.
However, he said, private industry representatives have told him they “absolutely want cyber security standards,” if only to protect against legal liabilities stemming from a lack of standards.
Michel urged everyone in the room to work closely with the Coast Guard on this project, and he listed a number of areas ripe for research, including:
- Analysis to identify greatest vulnerabilities in maritime domain
- Identify best options for operational and system cyber resilience
- Analysis and tools to map and predict dynamic maritime cyber threats
- Impact analysis for MTS and cascading consequences to nation and economy
- Nodal and system analysis to identify single-points of failure in the maritime transportation system
- Networking analysis solutions to support optimal information sharing with partners
Concluded Michel: “The US Coast Guard cannot do this on its own, period.”