
Cyber Command: 2021 Outlook Just Released
Since the USCG Cyber Command last issued its strategy on cybersecurity, there have been 50 named Atlantic hurricanes, two presidential elections and one global pandemic. There have also been at least two cyberattacks on the US Coast Guard itself – threatening the critical maritime infrastructure the branch seeks to protect.
In a major effort to improve its security, the Coast Guard has released its newest cybersecurity strategy, titled “The 2021 Cyber Strategic Outlook.” It was developed in tandem with the Department of Homeland Security, and seeks to meet three key goals that ensure the Coast Guard:
(1) is mission ready in cyberspace,
(2) protects the Marine Transportation System (MTS) in cyberspace, and
(3) identifies and combats adversaries throughout cyberspace.
Roughly 99% of all goods traveling to and from overseas move through our waterways and ports, representing some $5.4 trillion in the nation’s gross domestic product. Thus, the vitality and security of the MTS are of critical national importance, as it comprises all the waterways, ports and land-side connections that move people and goods to and from the water, according to the US Department of Transportation Maritime Administration.
“The threats we face from the cyber domain have outpaced threats from the physical domain,” the August 2021 guidance states. “As a military service, federal law enforcement agency, and federal regulator, the US Coast Guard will use its broad authorities and unique capabilities to protect the MTS from all threats, to respond to attacks on maritime critical infrastructure, and to incorporate cyber effects to achieve all mission outcomes.”
According to a statement issued by the Coast Guard, these updates will bring fundamental changes to the daily cybersecurity operations of the branch.
“The Coast Guard is taking important and necessary steps to increase safety and security where physical and cyber threats converge,” said Adm. Karl L. Schultz, commandant of the Coast Guard. “We maintain strong relationships with our U.S. port partners; we hold leadership roles on Area Maritime Security and Harbor Safety Committees; and we have the technological expertise to integrate cyber awareness and resilience within the Marine Transportation System.”
These updates come on the heels of more than 500 cyberattacks on US maritime interests in 2020. According to the updated strategy, the Coast Guard will have more teams focused on cybersecurity (dubbed CGCYBER), as well as a security-first mindset when it comes to protecting the Enterprise Mission Platform (EMP), ensuring that this critical component has effortless connectivity.
PAST THREATS AND ATTACKS
In late 2019, a maritime facility was hit with a Ryuk ransomware attack that resulted from a phishing email, as reported by ZDNet at the time. The attack forced that facility, which was believed to be a port authority, to shut down operations for 30 hours.
“Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files,” the Marine Safety Information Bulletin stated at the time. “The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations.”
This nightmare scenario wasn’t the first breach in the Coast Guard’s maritime domain, either. Earlier in 2019, a commercial vessel entering the Port of New York and New Jersey notified the Coast Guard of an incident that impacted its shipboard network. While the Coast Guard was able to intervene and ensure that essential vessel control operations were not compromised, the response made it clear that the ship’s critical infrastructure was not properly protected against cyberthreats.
The Coast Guard issues regular statements in the form of Marine Safety Information Bulletins, which offer general safety bulletins for mariners across the country. Since 2019, these have included any cybersecurity breaches or possible threats, such as notices about the SolarWinds exploit, warnings about malicious email spoofing, and calls to tighten the security on control systems.