Coast Guard Embarks on Cyber Offense
The service blends its traditional maritime roles with expanded digital strengths to thwart adversaries.
As the 231-year-old U.S. Coast Guard guards the nation’s waterways and ports, more and more it is finding the need to increase its capabilities in the cyber domain, given the rising digital threats to the $5.4 trillion of waterway-based trade. This fall, the maritime service is adding new cyber offensive capabilities and is growing its existing cyber defense, reports Rear Adm. Michael Ryan, USCG, commander of the Coast Guard’s Cyber Command.
“We are going to focus our teams in support of protecting and defending the maritime transportation system,” says Adm. Ryan. “We’re going to really leverage those capabilities to protect that economic interest of the nation. It’s a huge economic engine for our nation, and the 30 million people that are employed in some connection to the maritime transportation system. That gives me a bullseye of focus for what Coast Guard Cyber is committed to.”
The maritime service’s first cyber offense team was billeted this summer, the commander notes. And the command is in the process of training those personnel for their cyber roles. “We are still growing into that offensive capability,” he says. “Our Cyber Mission Team, we are just starting that journey right now, [with] the people that have reported in.”
The Coast Guard Cyber Command is leaning on the other Defense Department offensive cyber-service components and the U.S. Cyber Command and its leader, Gen. Paul Nakasone, USA, as it stands up its cyber offense. “We’re looking to the other military services and their cyber components, taking tempo from U.S. Cyber Command and just envisioning how can we leverage those types of tactics. [It is about] how we operate in cyberspace with impact and effect. So, we’re going to continue to evolve in that space.”
Stood up in 2013, the service’s Cyber Command now has 500 personnel. It has especially found its footing the last several years, the admiral says. “The last couple of years have just been so tremendous in really forming our roots and having impact and connection across the service,” says the commander, who began his role two years ago. “So while we just celebrated our eighth anniversary, we really do look at probably from 2017 on, as the last four years have really been impactful in setting some strong foundations. And I’m very fortunate to have a third year leading the command, as there are so many exciting things happening.”
The new offensive cyber capabilities complement the command’s existing cyber defense. The Coast Guard Cyber Command has three defensive cyber protection teams (CPTs): the 1790 CPT, named for the year that the maritime service began; the 2013 CPT, named for the first year of the command; and a third, yet to be named team, which was requested as part of the Coast Guard’s fiscal year 2022 budget request.
Like the other services, the Coast Guard is responsible for defending its portion of the Department of Defense Information Network (DODIN)—a role carried out by the CPTs. “We live in that special space of the DODIN, and a lot of our capabilities are integrated into that broad, technology universe,” the admiral says. “And that means that we have a commitment to do our part to defend our portion. We can’t be the weak link that would allow an adversary to really jeopardize that capability the nation relies on. So, we are fully focused on that protective scheme. We have a battle watch that sits here on our [headquarters] campus that really is taking the pulse of our technology environment around the clock. We are fully connected to U.S. Cyber Command’s and Joint Force Headquarters DODIN’s direction.”
The Coast Guard Cyber Command helped inform the service’s latest Cyber Strategic Outlook, issued in August by the service’s commandant, Adm. Karl Schultz, USCG.
“Cyber attacks are one of the most significant risk propositions for our nation that has emerged since World War II,” Adm. Ryan states. “It is an area that we have to be fully dialed in on. And so, this strategic outlook helps to reinforce our commitment in that operational domain. Nation-state actors, those with malicious intent, and criminal organizations that really want to inflict harm on our country, we need as a Coast Guard to be prepared to defend against that and conceptually to impose costs and hold accountable those that are wielding their adverse actions against what we’re all about as a nation. [Our ability to impose costs] has improved over that time, and it will continue to get better.”
The policy sets the Coast Guard’s cyber goals and structure for the next several years and is an update of the service’s 2015 policy, he says. “When you look at the Strategic Outlook, it sends clear signals about what is important to the organization and where our value proposition is to the nation,” Adm. Ryan explains. “If you focus in on the marine transportation system, this is going to be the hallmark of where we are using cyberspace as an operational domain to support the maritime industry, the critical infrastructure sector in maritime and the Coast Guard’s objectives as a steward of the Department of Homeland Security.”
The service has to adroitly navigate its unique authorities under law enforcement, maritime security, search and rescue, intelligence, war and national defense, operating normally under the Department of Homeland Security but under the Department of Navy in times of war. The bolstered cyber capabilities that the service needs come at a time when the Coast Guard is facing a complex operating environment, both domestically and internationally.
Domestically, the command’s cyber defense and offense capabilities will be applied to protect U.S. ports, terminals and waterways. “That very real cyber threat on a daily basis has the potential to disrupt the lifeblood of our nation, that economic engine that keeps our store shelves stocked,” the commander suggests. “Ninety percent of the trade and commodities that our nation uses and exports come by maritime conveyance. The Coast Guard lives in that port community each and every day. It is why we are so dialed in, from the commandant’s commitment to the maritime transportation system to the field-level commanders that work alongside the port community who understand their challenges.”
The command’s Maritime Cyber Readiness Branch provides cyber support designed to fit the unique nature of the maritime transportation system. “Our team recognized that we would benefit from having members of the Coast Guard that truly understand how the industry operates in the maritime transportation system, what their concerns are,” Adm. Ryan states. “And so, we’ve staffed that Cyber Readiness Branch with people that have worked in that segment of the Coast Guard, who have been at the port level, dealing with the oil industry, the gas industry or other commodities, and container shipping companies. They know how the industry operates. What we really needed was somebody that could help with the translation of how you bring that operational focus and overlay the cyber environment so that you’re not missing [protection] opportunities.”
The admiral does see the U.S. port community progressing in its understanding of the potential risks from cyber attacks. “We’ve seen a number of notable attacks over the last 12 months, things that disrupt that tenuous equilibrium and have huge impacts and consequences,” he says. “And we are seeing the industry responding to those signals, whether it’s ransomware or just the disruption to their information technology environment. I think similarly it is a growing awareness into the operational technology arena, those industrial control systems that are making their machines work, that are ensuring that automation is effective because they’ve made those investments. They don’t have the people or maybe those manual processes to rely on. They are coming to grips with that new reality, and they’re looking to the Coast Guard for us to help them understand where are some of those threats emerging from.”
In addition, the Coast Guard Cyber Command is extending its reach as the service circumvents the globe and extends its operations in the Indo-Pacific region and the Arctic. “We are looking at the priorities that are coming out of the COCOMS [U.S. Combatant Commands], understanding how can the Coast Guard as a military service be supportive of those priorities and those intended outcomes,” the admiral clarifies. “We have deployed our national security cutters into the Indo-Pacific Command’s theater of operations. We need to be prepared to operate and interoperate with the other military services and contribute the special sauce that the Coast Guard brings into that equation as well. Cyberspace gives us another opportunity to do that. It is why we are using the blueprints and really the frameworks that Gen. Nakasone has established for operational forces in the cyber domain, the cyber protection team constructs and the cyber mission teams. That gives me the template to follow and then employ those forces to effect.”
And naturally, the command is providing cyber protections to the Coast Guard’s operations and assets—its cutters, ships, aircraft and other systems. “It is the [protection] of our Enterprise Mission Platform that is called for in our outlook,” Adm. Ryan clarifies. “It is that fabric of technology and the capabilities that we need to be able to operate and to be able to maneuver around the globe--the maritime communications, the assets, all of those things in an integrated fashion. And when we detect any type of mission degraders, we are ensuring that we’re taking swift action to restore full capability. It is a 24/7 focus ensuring that our operational forces, whether they are in the air, at sea or operating on land, that they can be effective. Coast Guard Cyber is providing overwatch.”
Within the command, the Cyber Intelligence Department provides the unique intelligence link to maritime operations, the cyber domain and the broader intelligence community (IC). “The operational planning functions for the Coast Guard always start with the intelligence picture,” the admiral emphasizes. “Do you understand what type of environment you’re going to be operating in, what do you know about the adversaries that you’re expecting to encounter, what outcomes do you want to achieve? The IC, and particularly my intelligence department at Cyber Command, they’re looking across that whole IC for the supporting insights that allow us to move into that arena. It is not just ‘what do you see in cyberspace,’ but what are those same trends in the physical domains. It is what do we know about our adversaries because of our interdictions at sea, or against transnational criminal organizations, or what do we understand about marine environmental pollution.”
For its technology needs, the Cyber Command depends on Rear Adm. David Dermanelian, USCG, the service’s assistant commandant for Command, Control, Communications, Computers and Information Technology (C4IT), who is implementing the Coast Guard’s technology revolution road map, its information technology modernization effort.
“The commandant [Adm. Schultz] has mapped out a technology revolution, and Dave’s function really is to bring new capability to our organization,” Adm. Ryan shares. “He does the hard work of ingesting that into our organization as soon as it is ready to be delivered. I’m looking forward to receiving those capabilities, whether it’s in making a more mobile workforce or shoring up our network infrastructure or really adapting and integrating the new technology that commercial sector is making available.”
Armed with updated technologies, cyber offense and broadened defenses, the Coast Guard Cyber Commander is optimistic about its operations. “We need the Coast Guard to be able to operate effectively in cyberspace in complement of everything else that we’ve done in the physical domains for generations, and our teams are up to the challenge,” he says. “In the cyberspace domain, it really is about if can you move swiftly enough, are you agile and can you maneuver your forces so that you can pace with the adversaries’ tempo. You have got to stay ahead. You don’t have the luxury of having a vessel that is going to travel hundreds of miles. In cyberspace, the threats are on your doorstep immediately. That’s why I think the cyberspace operational domain is really exciting. It’s dynamic, but you have to be on your game.”