Developing guidance for commercial vessels and port terminal operators on identifying cyber-attack risks is one of the objectives of the US Coast Guard’s cyber-security plan.
The agency’s Cyber Strategy, unveiled by USCG Commandant Paul Zukunft on 16 June, will guide the coastguard’s cyber efforts over the next decade.
“Cyber is a new risk factor, but it does not interrupt long-standing and successful regimes for dealing with prevention and response to incidents,” Zukunft said. “This isn’t about looking for new authorities or missions. We’re doing as we’ve done for 225 years. We’re applying our existing authorities and skills to meet demand in emerging domains.”
The plan outlines three priorities: defending cyberspace, enabling operations, and protecting infrastructure.
Managing risk was listed as the first objective of the cyberspace defence strategy. It called for the agency to “make the best possible use of scarce resources by conducting risk assessments that prioritise internal security measures where they are necessary, and continually evaluate best mitigation options in the context of effectiveness and cost”.
The coastguard said it will incorporate risk information into existing vessel and facility security assessments conducted by private industry and port authorities.
The plan also stipulates that the USCG will co-ordinate with the IMO to include cyber security into required training for vessel and facility security officers. It noted that the agency will work with the US Coast Guard Academy, merchant marine academies, and training programs to incorporate cyber security into course work.