Why the Coast Guard treats cybersecurity like hazardous cargo

The Coast Guard is looking to manage cybersecurity risk in much the same way it handles physical danger, according to U.S. Coast Guard Cyber Commander Rear Adm. Kevin Lunday. In 2016, the service merged cybersecurity into its safety plans and issued guidelines with industry on the maritime bulk liquid transfer of hazardous cargo, regarding the control systems involved with those transfers.

Speaking at an Oct. 18 conference hosted by CyberScoop, Lunday said there must be a basic culture of compliance to promote safety.

"People not technology are the most important element when we talk about cybersecurity. Often times the individual user will either be the strongest or the weakest link," he said.

Lunday said building and reinforcing that culture is a "critical element" to a successful cybersecurity strategy. The key is to treat a cyberattack as if it were a physical threat.

"If you have a significant cyber event, there will be physical consequences where you need to be managing the potential risks across a range of threats and hazards," Lunday said. "We sought to manage that risk in the same manner we would with any physical hazard of accident through that safety system," Lunday said.

Challenges persist, however. Lunday said the Coast Guard's biggest barrier is using information strategically.

"One of our challenges continues to be how to treat information as a strategic asset of the organization," he said.