Cybersecurity Can Learn From Maritime Security

Uploaded on 2017-06-21 in BUSINESS-Services-IT & Telecoms, BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-Cybersecurity News

There may be an answer to the long-running debate about whether to split US Cyber Command from the National Security Agency and where does the civilian sector fit in to the offensive side of the cyber equation. 

Senator John McCain  chairman of the Armed Services Committee, offered an idea at a recent hearing with Adm. Mike Rogers, commander of US Cyber Command and director of NSA, that seems to have real legs.

McCain suggested that the Coast Guard could be a model for how cybersecurity is organised in the federal government.

“That Coast Guard has an interesting mix of authorities that may be just as applicable in cyber-space as they are in territorial waters. They’re both an agency within the Department of Homeland Security as well as a branch of the armed services.

They can operate both within the United States and internationally and can seamlessly transition from law enforcement to military authorities,” McCain said at the May 9 hearing.

“A cyber analog to the Coast Guard could be a powerful tool for addressing gaps that impede our existing organisational structure. It could also serve as a much-needed cyber first response team responsible for immediate triage and handoff to the appropriate federal entity for further response, remediation, or law enforcement action.”

Cybersecurity crosses boundaries similar to drug smuggling and pirating. The Internet is similar to the oceans and seas.

If the Navy had to hand off to the Coast Guard every time a speed boat carrying drugs crossed into US territorial waters, imagine the inconvenience and hassle that would cause.

How is cyber any different? When an attack emanates from a foreign country on a military base or a critical infrastructure provider, is it a law enforcement or military responsibility to respond? So far it’s been the FBI taking the lead with investigations, and the Homeland Security Department performing clean up duties.

McCain and other legislators are concerned about the increasingly distributed roles and responses to cyber-attacks.

“Achieving a credible deterrent requires integration of capabilities and focus policy development across the Department of Defense. As well as through the whole of government involving DOD, the State Department, the intelligence community, DHS and the Justice Department. We had not seen evidence yet that the new administration appreciates these urgent problems and intends to address them. The cyber command, specifically,” said Sen. Jack Reed (D-R.I.), ranking member of the committee.

“The committee has heard concerns that our military cyber forces are almost exclusively focused on the technical aspects of cyber-space operations such as detecting network intrusions, expelling intruders and figuring out how to penetrate a network of adversaries. The concern is that this focus misses the crucial cognitive element of information operations conducted through cyber-space.”

The Coast Guard, on the other hand, protects the nation’s waterways in a multi-dimensional way.

Retired Adm. James Loy, who served as the Coast Guard’s commandant for four years and DHS deputy secretary for two years in the 1990s to the mid-2000s, said the service is a blend of military tactics and law enforcement authorities.

“The picture Sen. McCain is painting is the ability to have constructed means by which they can fly back and forth between law enforcement and military tactics, and have the policy to get done what they have to by law,” said Loy, who now is a senior counselor with the Cohen Group.

“On the law enforcement side, the service has led efforts to provoke bilateral arrangements with Caribbean countries so they are acting on behalf of the country. They have the flexibilities and are designed with the intent to move between regulatory and military tactics that the senator is describing as a model. That is enormously effective for the Coast Guard.”

Loy said while he’s not an expert on cybersecurity, the analogy is a good one because the point McCain is making is all about flexibility to meet the mission.

“Is there a version of that in the cyber world that would be valuable?” he said. “There is a similar degree of those kinds of policy aspects, tactical utilization of resources and an end game of efficiency and effectiveness so the model may have application.”

McCain’s concern seems to be about the long-term sustainability of the current set up. While a spokesman for his office offered nothing further about this idea of a Coast Guard model, the senator did press Rogers on this question during the hearing.

Rogers said it was sustainable, but questioned whether it was the most effective way to address cybersecurity concerns.

“My recommendation, my input to the process has been, our challenge is, so we built a foundation with a series of very specialised and distinct responsibilities and yet I think what experience has taught us over the last few years is it’s our ability to respond in a much more integrated focused way is really the key to success here,” Rogers said. “And I think that’s the challenge, how do we more formally integrated these capabilities across the government.”

The Defense Department has a report due to the committee on or about June 23 on military/non-military options available to deterring and responding to imminent cyber threats. Congress asked for the report in the 2016 National Defense Authorization Act.

Rogers said he knew DoD is working on the report.

Loy said the Coast Guard adapted its mission space and response over the last 25 years or more. DoD, DHS, the FBI and others don’t have that luxury with cybersecurity.

“If you just look at gradual emergence of this challenge, DoD has been concentrating on things in space and cyber related from the offensive and defensive perspective for a long time, but it’s the maturation of both the threat and the vulnerabilities and capabilities that causes some more direct thinking to be considered for organisational mashups,” he said.

“To the degree the rose was pinned on DHS to be responsible for areas not related to DoD, think about what that did and the enormous complexity has caused over the last decade or more of thinking about how to do that.

“I can see that morphing with ultimate responsibility with some sort of cyber organisation, every bit as responsible for cyber as the Coast Guard is for the maritime domain. Whoever gets the rose pinned on them will serve the nation better based on this preparation.”

Federal News Radio:

You Might Also Read:

Will NSA & CyberCom Split?:

US Must Project Cyber Warfare Capabilities to Deter Attacks:

 

« Binky: An Anti-Social Media Simulator
Power Companies Cyber ‘Nightmare’ »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

US Cyber Command (USCYBERCOM)

US Cyber Command (USCYBERCOM)

USCYBERCOM conducts activities to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

National Defense Industry Association (NDIA) - USA

National Defense Industry Association (NDIA) - USA

The National Defense Industrial Association Cyber Division contributes to US national security by promoting interaction between the cyber defense industry, government and military.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

Hub One

Hub One

Hub One is a leading player in digital transformation with expertise in broadband connectivity, business solutions for traceability and mobility, IOT in industrial environments and cybersecurity.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Difenda

Difenda

Difenda Shield is a fully integrated and modular cybersecurity suite that gives your organization the agility it needs to implement a world-class cybersecurity system.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.