United States Coast Guard Cyber Strategy NMSAC September 2015 LCDR Josh Rose

Agenda Threat Actors Policies, Directives, and Mandates Coast Guard Cyber Strategy Three Strategic Priorities Ensuring Long-Term Success Future Actions Research Opportunities I’m pleased to be here today to talk about the Coast Guard and our soon to be published Cyber Strategy. Our agenda includes discussion of the evolving threat, a brief look at policies, directives and mandates that have informed our strategy, the current draft Coast Guard Cyber Strategy, Future Actions, and Possible Research Opportunities.

Threat Actors Criminal Nation-states Insiders Self-inflicted Hacktivists Criminal Insiders These growing threats also pose significant risk to our Nation’s Maritime Transportation System.

Presidential / National Executive Branch Policy and Directives Presidential / National Policy DHS Policies / Directives DOD Policies / Directives There are several Policies, Directives, and Mandates, that you may be familiar with that have informed our upcoming Cyber Strategy. I’m here to today to talk to you about our draft Cyber Strategy, represented by this “in progress” yellow arrow. To fully ensure the Coast Guard is able to perform our essential missions in the 21st Century, we must fully embrace Cyberspace as an Operational Domain. To this end, the Coast Guard will focus on three specific strategic priorities in the cyber domain over the next ten years. CG Policies / Directives In Progress NVIC

Cyber Strategy Three Strategic Priorities 1. Defending Cyberspace 2. Enabling Operations 1. Defending Cyberspace, 2. Enabling Operations, and 3. Protecting Infrastructure [These are our draft priorities, there is a possibilities the titles might change, however the meaning will remain fairly consistent] The Coast Guard is committed to ensuring the safety, security, and stewardship of our Nation’s waters. This commitment requires a comprehensive cyber strategy that provides a clear framework for our overall mission success. Protecting Infrastructure has two Goals: Risk Assessment – Promote Cyber Risk Awareness and Management and 2. Prevention – Reduce Cybersecurity Vulnerabilities in the MTS. 3. Protecting Infrastructure

3. Protecting Infrastructure Goal 1. Risk Assessment – Promote Cyber Risk Awareness and Management 1. Defending Cyberspace 2. Enabling Operations 3. Protecting Infrastructure Maritime critical infrastructure and the MTS is vital to our economy, national security, and national defense. The MTS includes ocean carriers, coastwise shipping along our shores, the Western Rivers and Great Lakes, and the Nations Ports and Terminals. As the Maritime Transportation Sector Specific Agency (SSA), the Coast Guard is responsible for protecting all maritime critical infrastructure from attacks, accidents, and disasters. Risk Management is very much part of this priority, and includes the improvement of risk assessment tools and methodologies. Information sharing and partnerships is also key. The Coast Guard must lead the effort to protect our maritime critical infrastructure from a broadening array of cyber threats to our national security and economic prosperity. 2 Objectives: Improve Port-Wide Cybersecurity Risk Assessment Tools and Methodologies and Improve Cybersecurity Information Sharing

3. Protecting Infrastructure Goal 2. Prevention – Reduce Cybersecurity Vulnerabilities in the MTS. 1. Defending Cyberspace 2. Enabling Operations 3. Protecting Infrastructure Maritime critical infrastructure and the MTS is vital to our economy, national security, and national defense. The MTS includes ocean carriers, coastwise shipping along our shores, the Western Rivers and Great Lakes, and the Nations Ports and Terminals. As the Maritime Transportation Sector Specific Agency (SSA), the Coast Guard is responsible for protecting all maritime critical infrastructure from attacks, accidents, and disasters. Objective 1. Reduce Cyber Vulnerability for Vessels and FacilitiesThe Coast Guard will identify and incorporate appropriate standards to reduce the vulnerability of cyberdependent systems to attack, exploitation, failure, or misuse that could cause or contribute to a Transportation Security Incident,* or other adverse impacts subject to Coast Guard authority. Objective 2. Incorporate Cybersecurity into Training and Education Requirements: Educated crewmembers, facility workers, and the Coast Guard personnel who operate alongside them, are vital to reducing the vulnerability of cyber systems within the MTS. The Coast Guard will ensure that mariners and facility personnel who operate vital cyber systems are properly trained to use the systems safely, understand the risks, and can detect anomalous activities.

Ensuring Long-Term Success Seven Cross-Cutting Factors Recognize Cyberspace as an Operational Domain Develop Operational Cyber Guidance/Define Mission Space Leverage Partnerships Communicate in Real-Time Organize for Success Build a Cyber Workforce Invest in the Future We also identified seven cross-cutting enabling factors to ensure operational success. [Photo: The photograph is an image of an Interagency Operations Center that brings together federal, state, local, international, public and private stakeholders in a multi-agency cooperative environment.]

Task Statement Work with the maritime industry, Area Maritime Security Committees, DHS, and other stakeholders, evaluating the feasibility of establishing an Information Sharing and Analysis Center (ISAC) to share cybersecurity related information with the maritime industry. Additionally, there are a number of future decision-making actions, and some logistics, as listed on this slide.

Questions and Comments [Photo: New York CGC Campbell - leads parade during Fleetweek 2010]

Backup Slides

1. Defending Cyberspace Goal 1. Identify and Harden Systems and Networks 1. Defending Cyberspace 2. Enabling Operations 3. Protecting Infrastructure Secure and resilient Coast Guard IT systems and networks are essential for mission success. The Coast Guard must serve as a model agency in protecting information infrastructure and building a more resilient Coast Guard network. Critical Coast Guard systems are under constant threat from both foreign and domestic actors intent on stealing data or disrupting networks and systems. We must reduce the risk we face from malicious cyber activity by improving our situational awareness of network operations, and appropriately hardening our systems against cyber threat.

1. Defending Cyberspace Goal 2. Understand and Counter Cyber Threats 2. Enabling Operations 3. Protecting Infrastructure Defensive cyberspace operations must be informed by timely intelligence and threat indicators, and by vulnerability information. Cyber defensive actions are prioritized and focused through on-time, and on-target intelligence. Partnering with DOD, DHS, and Academia to ensure cross-cutting training and education that stays informed of new technological developments. The Coast Guard must make the best possible use of scarce resources by leveraging partnerships and joint capabilities wherever possible and conducting risk assessments to prioritize internal security measures and hardening efforts where they are necessary. Photo 1 [ IT2 Sundeen instructs IT3 Stubblefield on the destruction of hard drives and other forms of media] Photo 2 [IT1 Waldrop doing network security]

1. Defending Cyberspace Goal 3. Increase Operational Resilience 2. Enabling Operations 3. Protecting Infrastructure Operational resilience requires that our information resources are trustworthy; operational commanders are prepared for degradation or loss of information resources; and network operators and defenders have the means to prevail in the face of adverse events. Managing risk is an important objective of this priority. [Photo 1] IT3 Bagwell removing privileges and access for a departing employee. [Photo 3] ITC Bettencourt applies best management security practices and develops his team of information technology specialists to meet the demands of today and of the future.

2. Enabling Operations 1. Defending Cyberspace Goal 1. Incorporate Cyberspace Operations into Mission Planning and Execution 2. Enabling Operations 3. Defending Cyberspace To operate effectively within the cyber domain, the Coast Guard must develop and fully leverage a diverse set of cyber capabilities and authorities. Cyberspace operations, inside and outside Coast Guard information and communications networks and systems, can help detect, deter, disable and defeat adversaries. Robust intelligence, law enforcement, maritime, and military cyber programs are essential to understanding and managing threats to our cyberspace, while enhancing the effectiveness of Coast Guard operations and deterring, preventing, and responding to malicious activity targeting critical maritime infrastructure. Coast Guard leaders must recognize that cyber capabilities are critical enablers of success across all missions, and ensure that these capabilities are leveraged by commanders and decision-makers at all levels. Cyber awareness must be integrated into our activities, as well as with our partners in a seamless, efficient and effective manner. Cyber capabilities must be a fundamental consideration in our policy, plans, and strategy.

2. Enabling Operations Goal 2. Deliver Cyber Capabilities to Enhance All Missions 1. Defending Cyberspace 2. Enabling Operations 3. Defending Cyberspace Coast Guard operators must understand the fundamentals of cybersecurity and cyberspace operations. This is critical to enhancing the Coast Guard’s ability to guard against cyber adversaries, counter – and when appropriate, defeat – those adversaries in cyberspace, and support the cybersecurity of the Maritime Transportation Sector. Cyber education and training must be a major component of our core workforce skills and competencies. The Coast Guard needs to build a force of cyberspace operations specialists capable of ensuring freedom of action in this complicated operational domain.