Complex, interconnected industries like the Marine Transportation System are particularly susceptible to the potentially devastating effects of a cyber attack. The U.S. Coast Guard manages and mitigates risk in the maritime environment every day along the nation’s coastline and around the globe.
When the Colonial Pipeline was compromised by a ransomware attack, Capt. Zeita Merchant and her team at Sector New York initiated a coordinated emergency response to assess possible impacts to the Port of New York and New Jersey. Working with a network of federal and local authorities, Sector New York personnel aimed to mitigate any potential that the pipeline attack could spread to other port infrastructure and operations.
As the backbone of the United States’ economy, the Marine Transportation System (MTS) is a prime target for malicious cyber actors who wish to disrupt our supply chain. As evidenced by the Colonial Pipeline incident, even a brief interruption can cause shortages of critical goods or impact the ability to surge military forces in times of crisis.
“Cyber threats are changing prevention and response missions drastically in the MTS, where a disruption can have devastating impacts to the supply chain,” Merchant said. “Our primary goal is to live out the Semper Paratus motto no matter what unexpected events occur.”
As the service best known for protecting the nation’s waterways through operational missions – such as search and rescue (SAR), drug interdiction, and aids to navigation (ATON) – the Coast Guard’s always-ready posture also rests squarely on its cyber capabilities: detection, safeguarding, and threat mitigation.
“Cyber threats will soon outpace the physical threats we manage on a daily basis,” explained Capt. Merchant. “Cyber attacks, like the one targeting the Colonial Pipeline, have far-reaching impacts, and our collaborative approach to cyber readiness relies on MTS field experts, quick inter-agency collaboration, and deployable resources that deliver a strong and effective response.”
For the Coast Guard, that response includes the Cyber Protection Teams (CPT), who run point on prevention and response against bad actors and adversaries in cyberspace. The CPT are responsible for clearing systems and networks, hardening defenses, assisting in implementing best practices, and assessing vulnerabilities and readiness. Prior to the Colonial Pipeline incident, an early deployment to the Sector New York area of responsibility showcased the value of this capability. When the CPT responded to a large container ship with suspected malware on its shipboard network, the team played a critical role in acquiring further details about the event and provided the Captain of the Port with recommendations for response. The CPT was able to determine that the ship was not a threat, minimizing disruptions to the supply chain while ensuring the security of the port’s networks. As a group also aimed at preventing incidents before they occur, the teams have been invited by port partners to assess recent enhancements made to port cybersecurity systems.
In tandem with recently resourced MTS Cyber Subject Matter Experts at Sector field units and CGCYBER’s Maritime Cyber Readiness Branch, the CPTs provide an invaluable deployable capability both to respond to cyber incidents and to help MTS stakeholders recognize the value of reporting cyber attacks and acting on lessons learned. “The CPT is the epitome of embodying the Commandant’s guiding principle of ready, relevant, and responsive; that’s exactly what they are doing for cyber,” Merchant said.
To read the Coast Guard Cyber Strategic Outlook visit here.