Why the Coast Guard treats cybersecurity like hazardous cargo

The Coast Guard is building a culture of cybersecurity along the lines of current physical safety protocols, said Rear Adm. Kevin Lunday.

USCG Real Admiral Kevin Lunday
 

Coast Guard Real Admiral Kevin Lunday, shown here in 2015 at U.S. Cyber Command headquarters.

The Coast Guard is looking to manage cybersecurity risk in much the same way it handles physical danger, according to U.S. Coast Guard Cyber Commander Rear Adm. Kevin Lunday. In 2016, the service merged cybersecurity into its safety plans and issued guidelines with industry on the maritime bulk liquid transfer of hazardous cargo, regarding the control systems involved with those transfers.

Speaking at an Oct. 18 conference hosted by CyberScoop, Lunday said there must be a basic culture of compliance to promote safety.

"People not technology are the most important element when we talk about cybersecurity. Often times the individual user will either be the strongest or the weakest link," he said.

Lunday said building and reinforcing that culture is a "critical element" to a successful cybersecurity strategy. The key is to treat a cyberattack as if it were a physical threat.

"If you have a significant cyber event, there will be physical consequences where you need to be managing the potential risks across a range of threats and hazards," Lunday said. "We sought to manage that risk in the same manner we would with any physical hazard of accident through that safety system," Lunday said.

Challenges persist, however. Lunday said the Coast Guard's biggest barrier is using information strategically.

"One of our challenges continues to be how to treat information as a strategic asset of the organization," he said.

NEXT STORY: DOJ sees a path to legal hacking