Cybersecurity

Are our ports protected from cyber pirates?

Shutterstock image (by Sarah Marchant): Jolly Roger, pirate flag.

(Sarah Marchant / Shutterstock)

When Edward Teach blockaded Charleston, South Carolina, in 1718, he had an easy go of it as the port lacked guard ships – but word spread among colonial governors, and the pirate known as Blackbeard would be hunted down and killed within the year.

Today, cyber pirates have the potential to take control of ships' navigations systems, industrial control  systems at ports, or steal financial information from shipping firms. And while there are guard ships on watch, technically speaking, they may never find out what pirates are up to.

The Coast Guard, unsurprisingly, would like to fix that.

Since 2002, the Coast Guard has been tasked with addressing cyber threats to American ports. "We don't view this as a new mission, said RADM Paul Thomas, the Coast Guard's Assistant Commandant for Prevention Policy, at an Oct. 8 hearing of the Subcommittee on Border and Maritime Security of the House Homeland Security Committee. "We view this as a natural extension of our mission."

The Coast Guard is "perfectly positioned" to handle port cybersecurity, agreed Randy Parsons, who heads security at the Port of Long Beach in California.

Port pros are sharing information, but there isn't a formal platform for ports to share specific threats among one another

Jonathan Sawicki, who leads security at the Texas ports of Brownsville and Harlingen, said that reporting transportation security incidents to the Coast Guard currently is kind of a muddle.

"We have not reported any cybersecurity incidents because we have not had any that are significant enough to report," Sawicki told the subcommittee. Most reporting criteria are based on physical breaches instead of cyber-specific threats.

Loss of access control, cargo control or perimeter control are all reportable cyber issues, Thomas noted, while a cyber breach of a port's financial information isn't.

“The confusion comes because cyber touches all aspects of a port['s operations],” he noted. “It's very confusing to figure out which type of incident gets reported.”

What's next?

In the interest of furthering its cyber expertise, Thomas said the Coast Guard has a permanent presence in the Homeland Security Department's National Cybersecurity and Communications Integration Center.

But he also said he wouldn't rush to impose "hard" cyber standards on ports until other, related industries develop standards, since the infrastructure systems (rail, trucking, etc.) are so interrelated.

In these early stages of laying out concerns, building information sharing networks and establishing the rules of the road, Thomas said, the Coast Guard doesn't really need additional funding for cyber. But funding needs will grow in the compliance stage of the game.

The Coast Guard should look to break down barriers to info sharing, develop a secure mechanism for companies to share threat information with the government and perhaps anonymize information shared, so shipping companies don't suffer reputational damage when they disclose breaches, said Gregory Wilshusen, Information Security Issues Director at the Government Accountability Office.While praising voluntary info sharing and risk-based assessments, Long Beach's Parsons also noted issues, such as a lack of backup systems, plaguing national ports.

"I think there's gotta be some regulation," he said. "Left to our own devices, we don't seem to have done very well."

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.