Cybersecurity

Are our ports protected from cyber pirates?

Shutterstock image (by Sarah Marchant): Jolly Roger, pirate flag.

(Sarah Marchant / Shutterstock)

When Edward Teach blockaded Charleston, South Carolina, in 1718, he had an easy go of it as the port lacked guard ships – but word spread among colonial governors, and the pirate known as Blackbeard would be hunted down and killed within the year.

Today, cyber pirates have the potential to take control of ships' navigations systems, industrial control  systems at ports, or steal financial information from shipping firms. And while there are guard ships on watch, technically speaking, they may never find out what pirates are up to.

The Coast Guard, unsurprisingly, would like to fix that.

Since 2002, the Coast Guard has been tasked with addressing cyber threats to American ports. "We don't view this as a new mission, said RADM Paul Thomas, the Coast Guard's Assistant Commandant for Prevention Policy, at an Oct. 8 hearing of the Subcommittee on Border and Maritime Security of the House Homeland Security Committee. "We view this as a natural extension of our mission."

The Coast Guard is "perfectly positioned" to handle port cybersecurity, agreed Randy Parsons, who heads security at the Port of Long Beach in California.

Port pros are sharing information, but there isn't a formal platform for ports to share specific threats among one another

Jonathan Sawicki, who leads security at the Texas ports of Brownsville and Harlingen, said that reporting transportation security incidents to the Coast Guard currently is kind of a muddle.

"We have not reported any cybersecurity incidents because we have not had any that are significant enough to report," Sawicki told the subcommittee. Most reporting criteria are based on physical breaches instead of cyber-specific threats.

Loss of access control, cargo control or perimeter control are all reportable cyber issues, Thomas noted, while a cyber breach of a port's financial information isn't.

“The confusion comes because cyber touches all aspects of a port['s operations],” he noted. “It's very confusing to figure out which type of incident gets reported.”

What's next?

In the interest of furthering its cyber expertise, Thomas said the Coast Guard has a permanent presence in the Homeland Security Department's National Cybersecurity and Communications Integration Center.

But he also said he wouldn't rush to impose "hard" cyber standards on ports until other, related industries develop standards, since the infrastructure systems (rail, trucking, etc.) are so interrelated.

In these early stages of laying out concerns, building information sharing networks and establishing the rules of the road, Thomas said, the Coast Guard doesn't really need additional funding for cyber. But funding needs will grow in the compliance stage of the game.

The Coast Guard should look to break down barriers to info sharing, develop a secure mechanism for companies to share threat information with the government and perhaps anonymize information shared, so shipping companies don't suffer reputational damage when they disclose breaches, said Gregory Wilshusen, Information Security Issues Director at the Government Accountability Office.While praising voluntary info sharing and risk-based assessments, Long Beach's Parsons also noted issues, such as a lack of backup systems, plaguing national ports.

"I think there's gotta be some regulation," he said. "Left to our own devices, we don't seem to have done very well."

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.