Category Archives: Cyber Security

“COAST GUARD Workforce Planning Actions Needed to Address Growing Cyberspace Mission Demands” –GAO

Posted on by
5

A team from the U.S. Coast Guard Academy participated in the National Security Agency’s 20th annual National Cyber Exercise (NCX), a three-day cyber competition that tests the offensive and defensive cybersecurity skills virtually, April 8-10, 2021. The Coast Guard Academy recently instituted a Cyber Systems degree to meet the needs of the services cyber security strategy of defending cyber space, enabling operations, and protecting infrastructure. (U.S. Coast Guard photo by Petty Officer 2nd Class Hunter Medley)

The GAO has issued a report that finds the Coast Guard is not doing all GAO thinks Coast Guard should be doing, to manage its cyber work force. You can see the one page summary here, it has a nice bar graph. I have reproduced most of the summary below. You can see the entire 40 page report here.

The most striking thing for me, was to see how many Coast Guard people are now employed in cyber. 4507 positions are authorized and 4095 are filled. That is a big chunk of the Coast Guard’s total manpower. It is totally justified considering they are protecting not just the Coast Guard, but the entire maritime transportation system.

A recent US Naval Institute Proceedings article, “Cyber Warfare Is a Navy Mission” discusses why cyber has become so important and also suggests that the Navy needs to take larger role in maritime economic cyber. Apparently the Navy has not been paying much attention to this, but the potential is there, that they may.

What GAO Found

The Coast Guard is increasingly dependent upon its cyberspace workforce to
maintain and protect its information systems and data from threats. As of
September 2021, the Coast Guard determined it had 4,507 authorized
cyberspace workforce positions (i.e., funded positions that could be vacant or
filled), consisting of military and civilian personnel.

Coast Guard guidance calls for the service to use its Manpower Requirements
Determination process to assess and determine necessary staffing levels and
skills to meet mission needs. However, GAO found that the service had not used
this process for a large portion of its cyberspace workforce. For example, as of
February 2022, the Coast Guard had not used this process for three
headquarters units that collectively represent 55 percent of its cyberspace
workforce positions. Until such analysis is completed, the Coast Guard will not
fully understand the resources it requires, including those to protect its
information systems and data from threats.

Of 12 selected recruitment, retention, and training leading practices, the Coast
Guard fully implemented seven, partially implemented three, and did not
implement two. By fully implementing these leading practices, the Coast Guard
could better manage its cyberspace workforce. For example, it has not
developed a strategic workforce plan for its cyberspace workforce. According to
leading recruitment practices, such a plan should include three elements: (1)
strategic direction, (2) supply, demand, and gap analyses, and (3) solution
implementation, along with monitoring the plan’s progress to address all
cyberspace competency and staffing needs. Without having such a plan, the
Coast Guard will likely miss opportunities to recruit for difficult to fill cyberspace
positions.

“Coast Guard Academy Cadets Prepare to Join the Fleet” –Seapower

Posted on by
Reply

A team from the U.S. Coast Guard Academy participated in the National Security Agency’s 20th annual National Cyber Exercise (NCX), a three-day cyber competition that tests the offensive and defensive cybersecurity skills virtually, April 8-10, 2021. The Coast Guard Academy recently instituted a Cyber Systems degree to meet the needs of the services cyber security strategy of defending cyber space, enabling operations, and protecting infrastructure. (U.S. Coast Guard photo by Petty Officer 2nd Class Hunter Medley)

The Navy League’s on-line magazine “Seapower” reports on “Billet Night” at the Coast Guard Academy, when cadets learn where they will be going after graduation.

The significant news in the report is that while over 200 will go to afloat units and 20 will go directly to flight school,

The remaining graduates will report to various shore units, including the first graduates of the Academy’s Cyber Systems program. The newly established Cyber Systems degree provides graduates with the skills and ability to defend cyberspace, enable operations, and protect critical maritime infrastructure.

Indo-Pacific Strategy of the United States

Posted on by
4

U.S. Coast Guard Cutter Munro and Japan Coast Guard Patrol Vessel Large Aso, transit together in formation during a maritime engagement in the East China Sea Aug. 25, 2021. U.S. Coast Guard members aboard the Munro deployed to the Western Pacific Ocean to strengthen alliances and partnerships and improve maritime governance and security in the region. (Photo courtesy of Japan Coast Guard)

The Whitehouse has issued a new Indo-Pacific Strategy, and it specifically mentions the US Coast Guard.

The document calls out China for its aggressive behavior,

This intensifying American focus is due in part to the fact that the Indo-Pacific faces mounting challenges, particularly from the PRC. The PRC is combining its economic, diplomatic, military, and technological might as it pursues a sphere of influence in the Indo-Pacific and seeks to become the world’s most influential power. The PRC’s coercion and aggression spans the globe, but it is most acute in the Indo-Pacific. From the economic coercion of Australia to the conflict along the Line of Actual Control with India to the growing pressure on Taiwan and bullying of neighbors in the East and South China Seas, our allies and partners in the region bear much of the cost of the PRC’s harmful behavior. In the process, the PRC is also undermining human rights and international law, including freedom of navigation, as well as other principles that have brought stability and prosperity to the Indo-Pacific.

It recognizes the value and values of our allies and partners,

For centuries, the United States and much of the world have viewed Asia too narrowly—as an arena of geopolitical competition. Today, Indo-Pacific nations are helping to define the very nature of the international order, and U.S. allies and partners around the world have a stake in its outcomes. Our approach, therefore, draws from and aligns with those of our closest friends. Like Japan, we believe that a successful Indo-Pacific vision must advance freedom and openness and offer “autonomy and options.” We support a strong India as a partner in this positive regional vision. Like Australia, we seek to maintain stability and reject coercive exercises of power. Like the ROK, we aim to promote regional security through capacity-building. Like ASEAN, we see Southeast Asia as central to the regional architecture. Like New Zealand and the United Kingdom, we seek to build resilience in the regional rules-based order. Like France, we recognize the strategic value of an increasing regional role for the European Union (EU). Much like the approach the EU has announced in its Strategy for Cooperation in the Indo-Pacific, American strategy will be principled, long-term, and anchored in democratic resilience.

It calls for action in five areas:

  1. ADVANCE A FREE AND OPEN INDO-PACIFIC
  2. BUILD CONNECTIONS WITHIN AND BEYOND THE REGION
  3. DRIVE REGIONAL PROSPERITY
  4. BOLSTER INDO-PACIFIC SECURITY
  5. BUILD REGIONAL RESILIENCE TO TRANSNATIONAL THREATS

There is mention of the Coast Guard is in the section “BOLSTER INDO-PACIFIC SECURITY” on page 13.

We will also innovate to meet civilian security challenges, expanding U.S. Coast Guard presence, training, and advising to bolster our partners’ capabilities. We will cooperate to address and prevent terrorism and violent extremism, including by identifying and monitoring foreign fighters traveling to the region, formulating options to mitigate online radicalization, and encouraging counterterrorism cooperation within the Indo-Pacific. And we will strengthen collective regional capabilities to prepare for and respond to environmental and natural disasters; natural, accidental, or deliberate biological threats; and the trafficking of weapons, drugs, and people. We will improve cybersecurity in the region, including the ability of our partners to protect against, recover from, and respond to cybersecurity incidents.

Coast Guard roles presumably extend beyond interdiction and fisheries to include assistance with intelligence, port security, and maritime industry cybersecurity.

The strategy refers to ten lines of effort that are to be pursued in the next 12 to 24 months. The first is “Drive New Resources to the Indo-Pacific” (p.15),

Building shared capacity requires the United States to make new regional investments. We will open new embassies and consulates, particularly in Southeast Asia and the Pacific Islands, and increase our strength in existing ones, intensifying our climate, health, security, and development work. We will expand U.S. Coast Guard presence and cooperation in Southeast and South Asia and the Pacific Islands, with a focus on advising, training, deployment, and capacity-building. We will refocus security assistance on the Indo-Pacific, including to build maritime capacity and maritime-domain awareness.

Sounds like this may include Coast Guard attachés attached to diplomatic staffs and possibly some new basing.

There is a second line of effort that will undoubtably involve the Coast Guard, “Partner to Build Resilience in the Pacific Islands” (p.17),

The United States will work with partners to establish a multilateral strategic grouping that supports Pacific Island countries as they build their capacity and resilience as secure, independent actors. Together, we will build climate resilience through the Pacific Region Infrastructure Facility; coordinate to meet the Pacific’s infrastructure gaps, especially on information and communications technology; facilitate transportation; and cooperate to improve maritime security to safeguard fisheries, build maritime-domain awareness, and improve training and advising. We will also prioritize finalization of the Compact of Free Association agreements with the Freely Associated States.

A Maritime Executive post, New U.S. Indo-Pacific Strategy Singles Out China’s “Coercion”, notes,

In the security arena, the new strategy reiterates that the United States has maintained “a strong and consistent defence presence necessary to support regional peace, security, stability, and prosperity”, pointing to the South China Sea and the East China Sea as a priority. However, it is interesting that while the document underscores the importance of freedom of navigation in the Indo-Pacific, not a single paragraph mentions the US Freedom of Navigation Operations Program (FONOPS) carried out by the US Navy, which has stirred controversy. Conversely, the strategy emphasises the importance of the Coast Guard to lead maritime security cooperation in the region, in “advising, training, deployment, and capacity-building … including to build maritime capacity and maritime-domain awareness”. Indeed, in 2021, the US Coast Guard announced a joint maritime training centre with the Indonesian Coast Guard in Batam.

The emphasis on coast guard cooperation can be seen as a positive gesture since it will be less provocative and sensitive compared to a military presence in the region. And more importantly, coast guard operations in Southeast Asia are very much required to tackle maritime security threats such as illegal fishing.

Thanks to Paul for bringing this to my attention. 

At CGA, 20 Jan., General Paul M. Nakasone, USA Commander, US Cyber Command, Director, NSA/Chief, Central Security Service

Posted on by
Reply

The US Naval Institute has announced a special event to be held at the US Coast Guard Academy on 20 January.

General Paul M. Nakasone, U.S. Army, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service will be the featured speaker at an annual event hosted by the Naval Institute and the Loy Institute for Leadership at the U.S. Coast Guard Academy on Thursday, 20 January, in New London, CT. Admiral Charles W. Ray, U.S. Coast Guard (Retired),former Vice Commandant and current Tyler Chair in Leadership Studies at the U.S. Coast Guard Academy, will lead this engaging discussion with General Nakasone on all things cyber. This special event is made possible through support from the William M. Wood Foundation.

The link in the quote above notes:

Please contact conferences@usni.org with questions about this event.

“PORT CYBERSECURITY: INCORPORATING THE IAPH’S NEW GUIDELINES INTO THE ISPS CODE” –CIMSEC

Posted on by
1

A team from the U.S. Coast Guard Academy participated in the National Security Agency’s 20th annual National Cyber Exercise (NCX), a three-day cyber competition that tests the offensive and defensive cybersecurity skills virtually, April 8-10, 2021. The Coast Guard Academy recently instituted a Cyber Systems degree to meet the needs of the services cyber security strategy of defending cyber space, enabling operations, and protecting infrastructure. (U.S. Coast Guard photo by Petty Officer 2nd Class Hunter Medley)

I can’t even spell cyber, but it is obviously important. This post is about a different kind of Port Security, and it is written by a serving Coast Guard officer, “Commander Michael C. Petta, USCG, is the Deputy Chair, the Director for Maritime Operations, and a professor of international law at the Stockton Center for International Law at the U.S. Naval War College.”

I found this statement particularly interesting,

Within the past few weeks, subversive actors backed by a foreign nation, according to the testimony of the Director of the U.S. Cybersecurity and Infrastructure Agency, breached servers and planted malicious code at a port facility in Houston, Texas.

“The Coast Guard and American Maritime: A Vital Post-9/11 Partnership” –Seapower

Posted on by
Reply

NEW YORK, New York (Sept. 11)–A Coast Guard rescue team from Sandy Hook, NJ, races to the scene of the World Trade Center terrorist attack. USCG photo by PA2 Tom Sperduto

Seapower brings us a short post from Former Commandant James Loy and president and CEO of The American Waterways Operators, Jennifer Carpenter.

It is a reminder of the response to 9/11, a different justification for the Jones Act, and a warning about the potential of cyber attack.

“The Value of an Extra C – The New C5ISC” –MyCG

Posted on by
2

An old Deepwater Concept illustration, but you get the idea

Passing this along, because it looks like an important reorganization. It appeared on the MyCG website that I recently added to the “Recommended Blogs” list. This seems to be putting a greater emphasis on cyber. The “Brochure” linked at the bottom of the story gives a nice breakdown of the organization and responsibilities.

The Value of an Extra C – The New C5ISC

By Shana Brouder, MyCG Writer

Oct. 7, 2020 —

The Coast Guard has completed the single largest organizational restructuring of a unit in the past decade. In June, the Command, Control, Communications, Computers, Cyber, and Intelligence Service Center (C5ISC) was established. It replaced its counterpart, the Command, Control, Communications, Computers, and Information Technology Service Center (C4ITSC) as well as assimilated the three centers of excellence: the Command, Control, and Communications Engineering Center (C3CEN), Telecommunication and Information Systems Command (TISCOM), and the Operations Systems Center (OSC).

The reorganization encompasses over 800 military and civilian personnel. The alignment promises to improve the Coast Guard’s ability to deliver technology solutions at the “speed of need” for mission success. The functional structure of this new unit will underpin and enable the Coast Guard’s Technology Revolution’s five lines of effort: Cutter Connectivity; Modernizing C5I Infrastructure; Cyber Readiness; Software, Mobility and Cloud; and Data for Decisions.

“The commissioning of the new C5I Service Center represents the culmination of over six years of effort from personnel across the Coast Guard to transform the C4ITSC into an organization that will more effectively and efficiently deliver technology solutions for mission success,” explained Capt. Russell Dash, the new C5ISC commander. “Our new structure supports the Coast Guard directly through our six Product Lines, which serve as the focal point and center of gravity for our service delivery. Our robust Shared Service Divisions are designed to make our Product Line Managers successful by providing consistent, standard support including business operations, engineering and infrastructure services, workforce and facilities management, budget and finance, and asset and logistics services. The new organization is now poised to make the Commandant’s Tech Revolution a reality and deliver C5I mission support at the speed of need.”

By standardizing processes and creating intentional mission alignment with other Coast Guard units who also work in the informational technology space (e.g. Surface Forces Logistics Center [SFLC], Aviation Logistics Center [ALC], Shore Infrastructure Logistics Center [SILC], Health, Safety and Work-Life Service Center [HSWL], and Coast Guard Cyber Command [CGCYBER]), the new C5ISC structure enables faster, more nimble responses to technology-related problems.

This fundamental shift in how the Coast Guard delivers C5I capabilities, unifies efforts under a single leadership structure and follows industry-proven standard processes, which will drive efficiency and consistency in every action moving forward.

The few months since the C5I Service Center’s establishment have already reaped successes. For example, the Fleet Logistics System Mobile Asset Manager (FLS-MAM), the supply management tool used by cutter maintenance and supply personnel, was rewritten to ensure this vital program would stay safe and secure from outside threats, such as spyware or other malicious software. Another example includes the delivery of essential satellite communications equipment to the medium endurance Coast Guard Cutter Bear. Members of the C5ISC worked with other offices to provide the Bear, the important backup Military Satellite Communications (MILSATCOM) system it needed to deploy on-time, despite tight time constraints.

Additionally, the C5ISC shared services divisions and product lines partnered with cyber operations and the Eighth District to provide a unified C5I response, which supported contingency operations for Hurricanes Isaias, Laura, Sally, and Tropical Storm Beta.

The C5ISC workforce has been aggressively working to improve the Coast Guard’s information technology infrastructure. More specifically, they have been working to identify the constraints within our external network connections that impact our capacity in the information technology arena and overall cyber resiliency. This became even more apparent during the COVID-19 pandemic and the subsequent increase the Coast Guard workforce’s teleworking. This dramatic increase in using the Coast Guard’s external network highlighted gaps that the C5ISC is now better placed to resolve, thanks to a more streamlined and cohesive set up. Through various partnerships, including Cyber and the Defense Information Systems Agency (DISA), the C5ISC has made significant headway improving the Coast Guard’s ability to meet missions and strategic goals as outlined in the Technology Revolution Roadmap.

If you have access to the Portal, more information on the C5I Service Center can be found here.

Resources:

“MTR100: #2 Admiral Karl Schultz, Commandant, USCG” –Marine Technology Reporter

Posted on by
Reply

Coast Guard Commandant Adm. Karl Schultz visits with Coast Guard crews stationed in New York City. U.S. Coast Guard photo illustration by Petty Officer 1st Class Jetta Disco.

The Marine Technology Reporter has a short article about Admiral Schultz, largely based on an interview. It is primarily concerned with the Coast Guard’s relationship to the larger Maritime Industry and Infrastructure.

Keeping the commercial maritime waterways humming means business for the subsea community, and a quick ‘by the numbers’ look at the U.S. maritime industry is enlightening and puts the Commandant’s mission in perspective: 95,000 miles of shoreline, 25,000 miles of navigable channels, 361 ports, 50,000 federal aids to navigation, cumulatively support more than 30 million jobs and $5.4 trillion in economic activity.

The Commandant also discussed the cyber threat and what the Coast Guard is doing about it.

“Think about automated ships and facilities. With those automated ships and facilities comes risk, technical and cyber risk. With all of the technology comes increased vulnerability. We’re building out our cyber capability at the Coast Guard. I have about 300 positions today on cyber at the Coast Guard, and the 2020 budget has about another 60 bodies as we have to defend Coast Guard networks from attack and we have to bring a cyber regulatory face to the waterfront. We need to build our own technical experts in this area” and to that end there is a new cyber major at the Coast Guard Academy, with the class of 2022 being the first with graduates with a cyber degree.

Thanks to Lee for bringing this to my attention. 

U.S. Coast Guard: Priorities for the Future–CSIS/USNI

Posted on by
Reply

The video above records an recent event, a “Maritime Security dialogue” presented by the Center for Strategic and International Studies (CSIS) and the United States Naval Institute (USNI) featuring Admiral Paul F. Zukunft, Commandant of the U.S. Coast Guard, for a discussion on the “U.S. Coast Guard’s future priorities.”

Despite the title, don’t expect a recitation of Coast Guard priorities. Most of the material is familiar, but there were a few interesting comments, including some that might be surprising. A number of things the Commandant said here made news.

  • That the NSCs could be made into frigates.
  • That the Polar Icebreaker would cost less than $1B
  • His support of transgender CG personnel.

I’ll give a quick outline of what was talked about. At the end I will rant a bit about some of my pet peeves.

The Commandant’s prepared statement is relatively short beginning at time 2m45s and ending about 11m.

6m00 In our listing of missions, the Commandant said Defense Operations should be listed first. He noted that there are 20 ships chopped to Combatant Commanders including eleven  ships operating under SOUTHCOM.

Q&A begins at 11:00.

16m20s The Commandant noted there is a Chinese ship rider on a USCG cutter off Japan and that Coast Guard aircraft are flying out of Japan.

17m30s Boarder protection/drug interdiction

20m Called the OPCs “light frigates”

22m As for priorities the Commandant noted a need to invest in ISR and Cyber

23m Cyber threat.

24m Expect return to sea duty because of length of training.

26m30s “Demise of the cutterman”/Human Capital Plan–fewer moves–removed the stigma of geographic stability

29m25s Highest percentage of retention of all services–40% of enlisted and 50% of officers will still be in the service after 20 years

30m Law of the Sea. Extended continental shelf in the Arctic.

32m30s Need for presence in the Arctic.

36m ISR, 38m15s Firescout. An interesting side note was that the Commandant seemed to quash any possibility of using the MQ-8 Firescout. He noted when they deployed on a cutter 20 people came with the system.  He called it unoccupied but not unmanned.

40m Icebreakers

43m30s Comments on transgender members

45m15s Icebreakers–will drive the price down below $1B.

47m NSC as frigate–no conversations with the Navy about this. Performance of Hamilton.

49m50s Count the NSCs toward the 355 ship Navy.

50m30s Illegal migration and virulent infectious disease

53m35s CG training teams in the Philippines and Vietnam to provide competency to operate platforms to be provided by Japan. Two patrol boats going to Costa Rica. Other efforts to build capacity.

56m DHS is the right place for the CG.

The Commandant touched on a couple of my pet peeves, specifically

  • He called the OPCs “Light Frigates,” so why aren’t they designated that way? WMSM and WMSL are just wrong in too many ways.  Give our ships a designation our partners and politicians can understand. A WLB is a cutter and also a buoy tender. The OPC can be both a cutter and a light frigate. I have suggested WPF. Maybe WFF for the Bertholfs and WFL for the Offshore Patrol Cutters. If we want to be thought of as a military service, we need to start using designations that will be seen and understood as military.
  • He mentioned the possibility of including the Bertholfs in the 355 ship fleet total. Coast Guard combatants should be included when the country counts its fleet. No, the cutters are not aircraft carriers or destroyers, but the current fleet of about 275 ships includes about 70 ships that have no weapons larger than a .50 cal. These include eleven MCM ships and about 60 ships manned by civilian crews such as tugs, high speed transports, salvage ships, underway replenishment ships, and surveillance ships. Counting the Cutters as part of the National Fleet would raise  our profile as a military service. The Navy might not like it, but it does give a better idea of our actually available assets for wartime, which is the point of such a listing.