{"id":23090,"date":"2017-11-15T00:25:26","date_gmt":"2017-11-15T05:25:26","guid":{"rendered":"https:\/\/digital.hbs.edu\/platform-rctom\/submission\/can-the-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/"},"modified":"2017-11-15T00:25:26","modified_gmt":"2017-11-15T05:25:26","slug":"can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains","status":"publish","type":"hck-submission","link":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/","title":{"rendered":"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains?"},"content":{"rendered":"

On 24 October 2017 the United States House of Representatives passed H.R. 3101 Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017<\/em> [1]<\/a>. The bill was introduced in response to the June 2017 global cyberattack that shut down the Port of Los Angeles\u2019 largest terminal [2]<\/a> via infection of shipping company Maersk (who leases the terminal) by the NotPetya worm [3]<\/a>. The attack stalled 76 of Maersk\u2019s global port terminals in total [4]<\/a>. Parent corporation A.P. Moeller-Maersk estimated that the cyberattack would cost the company $200m – $300m [5]<\/a>.<\/p>\n

The United States Coast Guard (USCG) is charged to protect the maritime transportation system (MTS) from both physical and cyber- attacks. The MTS handles over $1.3 trillion in cargo through approximately 360 ports annually and links the United States to global supply chains. Figure 1 shows the top 25 water ports by cargo container volume. Digitalization of the maritime sector (from ship navigation to port operations) has increased efficiency but introduced the crippling threat of cyberattacks [6]<\/a>. As shown just by the impact of the cyberattack on Maersk, failure of the MTS due to cyberattack could be catastrophic for the United States.<\/p>\n

\"\"<\/a>
Figure 1. Top 25 Ports by Cargo Container Volume
Source: U.S. Department of Transportation, Maritime Administration, 2000-2015 U.S. Waterborne Container Trade by U.S. Customs Port<\/em>, derived from IHS Maritime, Port Import\/Export Reporting Service (PIERS), available at https:\/\/www.marad.dot.gov\/resources\/data-statistics\/ as of October 2017. (accessed November 2017 from https:\/\/www.bts.gov\/topics\/maritime-and-inland-waterways)<\/figcaption><\/figure>\n

The U.S government is aware of these risks. In 2015 the USCG released a 10-year cyber strategy that includes a strategic priority to protect infrastructure (e.g., the MTS) through two goals: 1) \u201crisk assessment \u2013 promote cyber risk awareness and management\u201d and 2) \u201cprevention \u2013 reduce cybersecurity vulnerabilities in the MTS.\u201d Goal 1 revolves around improving risk assessment tools and information sharing with the maritime industry and government stakeholders. Goal 2 is based on establishing vessel\/facility cybersecurity standards and personnel training requirements [6]<\/a>. Essentially, the USCG strategy to protect the MTS is about raising awareness and understanding of the cyber threat for both participants and stakeholders. USCG seeks to build a culture of cyber risk management that is analogous to safety culture [7]<\/a>.<\/p>\n

Although the 2015 cyber strategy does not provide details on execution timing, recent USCG actions and communications appear to be in line with achieving the stated goals. For example, in line with goal 1, the USCG published a cybersecurity series in the Coast Guard Maritime Commons <\/em>(their blog for maritime professionals) for national cybersecurity awareness month (October) that discusses cyber incidents, poses questions, and provides links to important guidelines, standards, and frameworks [8]<\/a>. In line with goal 2, the USCG collaborated with the International Maritime Organization (IMO) to write Guidelines on Maritime Cyber Risk Management <\/em>[7]<\/a> and released a draft of NVIC 05-17 Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities <\/em>for comments [9]<\/a>.<\/p>\n

Is the USCG culture-based approach to cybersecurity (and hence MTS protection) valid? I think so. First, given that an organization can be exposed to malware by one person clicking one link in an email, it seems clear that enforcing safe cyber behavior at all levels is paramount. Experience in the oil and gas sector taught me the importance of strong safety cultures for enforcing safe behaviors. Hence, if cybersecurity is analogous to safety, which it seems to be, then this approach will be effective. Second, frequent communication via the Coast Guard Maritime Commons<\/em> should help industry users digest the vast array of guidelines, standards, and cyber security practices scattered across various groups and agencies. Third, development of guidelines, especially through international organizations like IMO should help ensure compliance by international shipping companies (e.g., Maersk is Danish) in utilizing the MTS securely.<\/p>\n

Still, the USCG approach to protect the MTS from new digital threats could be improved by two additional actions. First, USCG should consolidate critical information in one location and simplify the message. 性视界ing for maritime cybersecurity guidance was a journey through lengthy manuals and regulatory documents across various agency sites. Clear and more easily accessible information should help to improve awareness and education. Prominent display of cyberattack statistics would also help to enforce the message. Second, USCG should require mandatory rapid reporting of cyber incidents to enhance information sharing and damage mitigation. Even new legislation such as H.R. 3101 only requires voluntary reporting of maritime cybersecurity incidents [1]<\/a>. Unreported attacks are missed learning opportunities.<\/p>\n

In conclusion, digitalization of maritime supply chains (and the MTS) has created new cyber threats for the USCG, the nation, and the shipping industry to battle. Discussion of how the USCG can best protect the MTS (and the nation\u2019s maritime supply chains) from cyberattacks raises many questions. Should the USCG go on the cyber offensive? Would mandatory cyberattack reporting requirements sacrifice the right to privacy?<\/p>\n

(742 words)<\/p>\n

References<\/p>\n

<\/a> [1] Summary of H.R. 3101 \u201cStrengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017,\u201d Congressional Research Service<\/em>, 24 October 2017
\nhttps:\/\/www.congress.gov\/bill\/115th-congress\/house-bill\/3101<\/a><\/p>\n

<\/a> [2] \u201cHouse Passes Torres Bill to Address Port Cybersecurity Threats\u201d, 24 October 2017
\nhttps:\/\/torres.house.gov\/media-center\/press-releases\/house-passes-torres-bill-address-port-cybersecurity-threats<\/a><\/p>\n

<\/a> [3] J. Leovy and A. D\u2019Angelo, \u201cMaersk\u2019s L.A. port terminal remains closed after global cyberattack,\u201d LA Times<\/em>, 29 June 2017
\nhttp:\/\/beta.latimes.com\/business\/technology\/la-fi-maersk-cyber-attack-20170629-story.html<\/a><\/p>\n

<\/a> [4] R. Milne, \u201cMaersk CEO Soren Skou on surviving cyber attack,\u201d Financial Times, <\/em>13 August 2017
\nhttps:\/\/www.ft.com\/content\/785711bc-7c1b-11e7-9108-edda0bcbc928<\/a><\/p>\n

<\/a> [5] R. Milne, \u201cMoler-Maersk puts cost of cyber attack at up to $300m,\u201d Financial Times, <\/em>16 August 2017
\nhttps:\/\/www.ft.com\/content\/a44ede7c-825f-11e7-a4ce-15b2513cb3ff<\/a><\/p>\n

<\/a> [6] United States Coast Guard Cyber Strategy, United States Coast Guard<\/em>, June 2015, accessed November 2017. http:\/\/www.overview.uscg.mil\/Portals\/6\/Documents\/PDF\/CG_Cyber_Strategy.pdf?ver=2016-10-13-122915-863<\/a><\/p>\n

<\/a> [7] K. Kuhn, \u201cNat\u2019l Cybersecurity Awareness Month \u2013 Shipboard cyber risk management,\u201d Coast Guard Maritime Commons<\/em>, 9 October 2017
\nhttp:\/\/mariners.coastguard.dodlive.mil\/2017\/10\/09\/1092017-natl-cybersecurity-awareness-month-shipboard-cyber-risk-management\/<\/a><\/p>\n

<\/a> [8] B. Link, \u201cNat\u2019l Cybersecurity Awareness Month \u2013 Five key cyber questions and challenges facing the maritime industry,\u201d Coast Guard Maritime Commons<\/em>, 30 October 2017
\nhttp:\/\/mariners.coastguard.dodlive.mil\/2017\/10\/30\/10302017-natl-cybersecurity-awareness-month-five-key-cyber-questions-and-challenges-facing-the-maritime-industry\/<\/a><\/p>\n

<\/a> [9] Y. Barril, \u201cNat\u2019l Cybersecurity Awareness Month \u2013 October is National Cyber Security Awareness Month,\u201d Coast Guard Maritime Commons<\/em>, 2 October 2017
\nhttp:\/\/mariners.coastguard.dodlive.mil\/2017\/10\/02\/1022017-october-national-cyber-security-awareness-month\/<\/a><\/p>\n

USCG Cyber Command Logo: http:\/\/allhands.coastguard.dodlive.mil\/2013\/10\/30\/how-does-coast-guard-cyber-security-keep-our-everyday-systems-operating-safely\/uscg-cyber-command\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

New threats emerge with the digitalization of the maritime supply chain. Can the United States Coast Guard stop the rising tide of cyberattacks?<\/p>\n","protected":false},"author":10369,"featured_media":23172,"comment_status":"open","ping_status":"closed","template":"","categories":[845,788,3594,2029,3595,1062,17,3593],"class_list":["post-23090","hck-submission","type-hck-submission","status-publish","has-post-thumbnail","hentry","category-cybersecurity","category-digital","category-digitilization","category-digitization","category-maritime","category-shipping","category-supply-chain","category-united-states-coast-guard","hck-taxonomy-organization-united-states-coast-guard","hck-taxonomy-industry-shipping","hck-taxonomy-country-united-states"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/rc-tom-challenge-2017\/","yoast_head":"\nCan the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains? - Technology and Operations Management<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains? - Technology and Operations Management\" \/>\n<meta property=\"og:description\" content=\"New threats emerge with the digitalization of the maritime supply chain. Can the United States Coast Guard stop the rising tide of cyberattacks?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology and Operations Management\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2017\/11\/USCG-Cyber-Command-300x150.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/\",\"name\":\"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains? - Technology and Operations Management\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2017\\\/11\\\/USCG-Cyber-Command-300x150.jpg\",\"datePublished\":\"2017-11-15T05:25:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/#primaryimage\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2017\\\/11\\\/USCG-Cyber-Command-300x150.jpg\",\"contentUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2017\\\/11\\\/USCG-Cyber-Command-300x150.jpg\",\"width\":300,\"height\":150},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Submissions\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\",\"name\":\"Technology and Operations Management\",\"description\":\"MBA Student Perspectives\",\"potentialAction\":[{\"@type\":\"性视界Action\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains? - Technology and Operations Management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/","og_locale":"en_US","og_type":"article","og_title":"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains? - Technology and Operations Management","og_description":"New threats emerge with the digitalization of the maritime supply chain. Can the United States Coast Guard stop the rising tide of cyberattacks?","og_url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/","og_site_name":"Technology and Operations Management","og_image":[{"width":300,"height":150,"url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2017\/11\/USCG-Cyber-Command-300x150.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/","url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/","name":"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains? - Technology and Operations Management","isPartOf":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website"},"primaryImageOfPage":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/#primaryimage"},"image":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/#primaryimage"},"thumbnailUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2017\/11\/USCG-Cyber-Command-300x150.jpg","datePublished":"2017-11-15T05:25:26+00:00","breadcrumb":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/#primaryimage","url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2017\/11\/USCG-Cyber-Command-300x150.jpg","contentUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2017\/11\/USCG-Cyber-Command-300x150.jpg","width":300,"height":150},{"@type":"BreadcrumbList","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/can-the-united-states-coast-guard-prevent-cyberattacks-from-sinking-our-connections-to-global-supply-chains\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/d3.harvard.edu\/platform-rctom\/"},{"@type":"ListItem","position":2,"name":"Submissions","item":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/"},{"@type":"ListItem","position":3,"name":"Can the United States Coast Guard prevent cyberattacks from sinking our connections to global supply chains?"}]},{"@type":"WebSite","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website","url":"https:\/\/d3.harvard.edu\/platform-rctom\/","name":"Technology and Operations Management","description":"MBA Student Perspectives","potentialAction":[{"@type":"性视界Action","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/d3.harvard.edu\/platform-rctom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/23090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission"}],"about":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/types\/hck-submission"}],"author":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/users\/10369"}],"replies":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/comments?post=23090"}],"version-history":[{"count":0,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/23090\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media\/23172"}],"wp:attachment":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media?parent=23090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/categories?post=23090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}