UNITED STATES COAST GUARD - CYBER STRATEGIC OUTLOOKThe U.S. Coast Guard will hold accountable those who use cyberspace to undermine the security of our nation and the Marine Transportation System. Since the earliest days of our nation, the U.S. Coast Guard has protected our security and prosperity by promoting and enforcing lawful activity on our nation’s waters, in our ports, and in the air. As illicit activity and Great Power Competition between nation states shifts to cyberspace, the U.S. Coast Guard – working with DHS, DOD, and the interagency – will hold accountable those who use cyberspace to exploit our networks and attack the MTS to undermine our national and economic security.U.S. Coast Guard actions in response to this Outlook are organized into three lines of effort: (1) Defend and Operate the Enterprise Mission Platform; (2) Protect the Marine Transportation System; and (3) Operate In and Through Cyberspace. These efforts will be underpinned by development and sustainment of a skilled workforce, intelligence driven operations, and domestic and international partnerships to achieve unity of effort. U.S. Coast GuardUSCG_67ab9e35-b44a-45c5-a83c-72fe37640ad5The U.S. Coast Guard is the nation’s lead federal agency for securing and safeguarding the MTS. The U.S. Coast Guard executes responsibilities at the local, national, and international levels to manage risk in the maritime domain. Karl L. SchultzAdmiralMarine Transportation SystemThreats from cybersecurity continue to evolve rapidly. Since the 2015 strategy, evolving technology has empowered users with sophisticated tools to increase productivity; meanwhile, cyber attacks on the same technology have continued to evolve in tandem. As the backbone of the United States’ economy, the Marine Transportation System (MTS) is a prime target for malicious cyber actors who seek to disrupt our supply chain.U.S. Coast Guard Cyber CommandU.S. Coast Guard Cyber Command (CGCYBER) executes cyberspace operations in accordance with DOD and U.S. Coast Guard policy and procedures. CGCYBER operates, maintains, secures, defends, preserves, and protects the U.S. Coast Guard Enterprise Mission Platform (EMP) and delivers a timely and operationally focused response, relieving Area, District, and Sector commanders from managing technological risk, and has become an invaluable addition to our service’s missions.CGCYBER CommanderUSCYBERCOM DetachmentCGCYBER U.S. Cyber Command (USCYBERCOM) Detachment CISA DetachmentCGCYBER Cybersecurity & Infrastructure Security Agency (CISA) Detachment CGCYBER Intelligence DepartmentCGCYBER Assessment & Authorization DepartmentCGCYBER Operations Support DepartmentCGCYBER Operations DepartmentCurrent Operations Division• Cybersecurity Operations Center • Network Operations & Security Center Future Operations Division• Compliance & Orders Branch • Cyber Operational Assessments Branch • Readiness and Security Inspections BranchDODIN Operations Division• Centralized Service Desk Branch • Field Management Branch • Technical Management BranchCyber Effects & Protection Division• 1790 Cyber Protection Team • 1915 Cyber Mission Team • 2013 Cyber Protection Team • Maritime Cyber Readiness BranchCyber Reserve DivisionUSCG Area CommandersUSCG District CommandersUSCG Sector CommandersCaptains of PortsLocally, the COTP, and associated titles and authorities, is the focal point for prevention and response activities.Federal Maritime Security CoordinatorsActing as the Federal Maritime Security Coordinator (FMSC), the COTP is charged with establishing an Area Maritime Security Committee (AMSC) and maintaining an Area Maritime Security Plan (AMSP), in close coordination with law enforcement, regulatory, and industry partners.Area Maritime Security CommitteesMTS Cyber SpecialistsLeveraging the expertise of the U.S. Coast Guard’s newly established MTS cyber specialists, the COTP will fully leverage the U.S. Coast Guard’s intelligence authorities and responsibility to identify the intent and capability of threat actors to the port community. COTPs will then coordinate across the port to identify and manage cyber risks to the MTS.USCG Cyber Protection TeamsWhen additional cyberspace expertise is required, the COTP will request deployment of U.S. Coast Guard’s Cyber Protection Teams (CPT) to conduct prevention and response actions under the umbrella of COTP authorities. Exercising AMSPs with our MTS cyber specialists alongside our port partners will improve planning and preparedness efforts across all COTP zones.Senior Risk Management AgenciesPer law and policy, the U.S. Coast Guard is designated as the SRMA for the maritime mode of the Transportation Sector.Transportation Sector Cybersecurity and Infrastructure Security AgencyIn coordination with the Cybersecurity and Infrastructure Security Agency (CISA) and other sector SRMA leads, the U.S. Coast Guard will align efforts to manage common cyber risks; share incident reporting, threat, and vulnerability information; and unify efforts to protect the nation’s critical infrastructure.USCG PartnersInternationally, the U.S. Coast Guard engages with partners, allies, international regulatory and standards organizations , and the private sector to identify and manage risks to the global maritime transportation system. International Regulatory OrganizationsInternational Standards OrganizationsPrivate SectorThose who use cyberspace to undermine the security of our nation and the Marine Transportation System will be held accountable_d1c50148-f627-11eb-af1b-b862f982ea00To Protect and Operate in Cyberspace_d1c50378-f627-11eb-af1b-b862f982ea00TransportationSecurityAccountabilityLeverageKey Enablers ~ The U.S. Coast Guard must continue to leverage and invest in key enablers to achieve enduring success in cyberspace. We will be resolute and focused on ensuring that these enablers underpin our efforts across all strategic priorities as we continue to mature our cyberspace capabilities.InvestmentPartnershipThe U. S. Coast Guard will build and strengthen partnerships to capitalize on our existing authorities, responsibilities, and expertise within cyberspace. This includes improving communication and coordination with partners at the federal, state, local, tribal, and territorial levels. Domestically, we will leverage U.S. Coast Guard cyber subject matter experts deployed across Areas, Districts, and Sectors to improve information sharing and unity of action with MTS stakeholders at the tactical and operational levels. Internationally, we will build upon our existing engagements alongside partner nations to defend our common goals, reinforce established international norms of behavior in cyberspace, and counter misbehavior of those operating outside those norms.IntelligenceTimely and actionable intelligence is the foundation of successful U.S. Coast Guard operations and is crucial in driving the most effective employment of assets. As an integral enabler to cyberspace operations and cyber domain awareness, it is critical that the U.S. Coast Guard produces intelligence on pace with the growing complexity and number of threats that characterize this dynamic operating environment. Operating in close coordination and alignment with the interagency, combined, and joint partners, we must deliver prompt and relevant intelligence on threats, adversary capabilities, and adversary intent to ensure information advantage for field commanders and senior leaders. Malicious cyber activity is also on the rise within the global supply chains and the MTS. The cascading nature of cyber attacks together with the central role the MTS holds within every supply chain, can quickly result in catastrophic costs that threaten economic stability and national security. The U.S. Coast Guard will forge new – and strengthen existing – partnerships, to build robust assessments of MTS-related threats and equip stakeholders with actionable information to protect the MTS. Mission PlatformDefend and operate the enterprise mission platform_d1c504d6-f627-11eb-af1b-b862f982ea00Line of Effort 1Secure, resilient information technology and operational technology networks support all missions. In today’s contested cyberspace, the U.S. Coast Guard must defend and operate the U.S. Coast Guard Enterprise Mission Platform (EMP), our portion of the Department of Defense Information Network (DODIN), including all U.S. Coast Guard technology, to thwart adversary interference and posture our forces to achieve mission success. Detection, Prevention, Response & ResiliencyInvest, develop, and acquire capabilities to detect, prevent, respond, and be resilient against adversaries who seek to disrupt U.S. Coast Guard operational assets._d1c506a2-f627-11eb-af1b-b862f982ea001.1CapabilitiesInvest in capabilities – sensors, automation, artificial intelligence, cloud architecture and mobility – to provide a persistently monitored, secure, and resilient environment for U.S. Coast Guard operations._d1c507f6-f627-11eb-af1b-b862f982ea001.2AttacksProactively assess and strengthen the cybersecurity of our supply chains, major systems, and information dependent assets to anticipate and remove attack vectors._d1c50954-f627-11eb-af1b-b862f982ea001.3InteroperabilitySeek further interoperability with U.S. Cyber Command and the Joint Force, and continue to leverage DOD architecture, intelligence, and information capabilities as a member of the DODIN enterprise._d1c50aa8-f627-11eb-af1b-b862f982ea001.4WorkforceCreate a capable workforce to detect and defend against adversaries who seek to disrupt U.S. Coast Guard land, sea, air, and space command and control systems._d1c50bf2-f627-11eb-af1b-b862f982ea001.5USCG Cybersecurity WorkforceCyberspace ForcesDevelop and employ cyberspace operational forces trained, ready, postured, and organized to project national and U.S. Coast Guard power in the defense and operation of our networks, systems, and information._d1c50d50-f627-11eb-af1b-b862f982ea001.6USGC Cyberspace ForcesDoctrine, Tactics, Techniques & ProceduresDevelop and implement doctrine and tactics, techniques, and procedures to protect U.S. Coast Guard information and sustain mission outcomes in a contested cyberspace environment._d1c50eb8-f627-11eb-af1b-b862f982ea001.7Marine TransportationProtect the marine transportation system_d1c51016-f627-11eb-af1b-b862f982ea00Line of Effort 2Marine Transportation SystemMaritime Cyber Readiness BranchCGCYBER’s Maritime Cyber Readiness Branch (MCRB) investigates incidents and directly supports the U.S. Coast Guard’s Sectors and Marine Safety Units. By combining data collected from new investigations with available historical data, MCRB maintains the “big picture” for MTS cybersecurity. With the increasing prevalence of ransomware attacks at maritime facilities, MCRB support is more important than ever. The U.S. Coast Guard will employ frameworks, standards, and best practices in prevention and response activities to identify and manage cyber risks to the MTS. Within ports, the U.S. Coast Guard’s Captains of the Port (COTP) will lead governance by promoting cyber risk management, accountability, and the development and implementation of unified response plans. U.S. Coast Guard Intelligence will provide characterization and awareness of cyber actors and their capabilities that hold the MTS at risk. Deployable cyber forces will stand ready to augment field commanders with subject matter expertise, assessment, and incident response capabilities, as well as critical infrastructure support in the identification and mitigation of cyber risk.Prevention & ResponseApply the prevention and response framework for industry to manage cyber risks to maritime critical infrastructure in alignment with national and DHS cyber strategies._d1c51160-f627-11eb-af1b-b862f982ea002.1IncidentsRefine cybersecurity incident reporting requirements and promote information sharing to improve the ability of owners and operators to prepare for, mitigate, and respond to threats to maritime critical infrastructure._d1c512dc-f627-11eb-af1b-b862f982ea002.2ThreatsCharacterize threats through adversary intent and capability and promulgate threat advisories to the maritime community to reduce the unpredictability of cyber incidents._d1c5143a-f627-11eb-af1b-b862f982ea002.3Compliance & AssessmentImplement a risk based regulatory, compliance and assessment regime, incorporating international and industry recognized industry cybersecurity standards, to manage cybersecurity threat risks to maritime critical infrastructure and promote the lawful exchange of goods and services in the global marketplace._d1c515ac-f627-11eb-af1b-b862f982ea002.4Disincentives & RetaliationImpose cost to those who act to undermine the security of this vital resource._d1c5171e-f627-11eb-af1b-b862f982ea002.5ExpertiseDevelop expertise in cybersecurity of maritime IT/OT within the U.S. Coast Guard workforce in support of prevention and response activities._d1c5189a-f627-11eb-af1b-b862f982ea002.6Cyber Protection TeamsField deployable Cyber Protection Teams, interoperable with the DOD Joint Force and DHS, to augment COTPs in the execution of time critical or nationally significant prevention and response activities._d1c51a16-f627-11eb-af1b-b862f982ea002.7Cyber Protection TeamsDOD Joint ForceDHSCOTPsOversight, Advice & SupportDeploy CGCYBER forces to oversee, advise, and support a coordinated response in the event of a cybersecurity incident._d1c51b9c-f627-11eb-af1b-b862f982ea002.8CGCYBER ForcesIncident Response PlansUse the COTP (serving as the Federal Maritime Security Coordinator) to coordinate with federal, state, local, territorial, tribal, and industry partnerships to develop and exercise nested maritime cybersecurity incident response plans under the guidance from AMSCs and other relevant authorities._d1c51cfa-f627-11eb-af1b-b862f982ea002.9COTPsFederal PartnersState PartnersLocal PartnersTerritorial PartnersTribal PartnersIndustry PartnersTraining & Risk ManagementCoordinate with DHS, interagency partners, and partner nations to support maritime cybersecurity capacity building, training, and port security risk management._d1c51e62-f627-11eb-af1b-b862f982ea002.10DHSInteragency PartnersPartner NationsCyberspaceOperate in and through cyberspace_d1c52286-f627-11eb-af1b-b862f982ea00Line of Effort 3USCG CommandersCommanders conduct operations in cyberspace to obtain or retain freedom of maneuver, defend military advantage, deny freedom of action to threats and adversaries, and to enable additional operational activities. Operations through cyberspace are employed to deliver effects where modification or destruction of computers that control physical processes can lead to cascading effects (including collateral effects) in the physical domains.Projecting advanced cyberspace capabilities in and through the operating environment, alongside traditional U.S. Coast Guard capabilities, enables the service to fight and win across all domains. The U.S. Coast Guard will embed cyber planning in our traditional missions and execute cyberspace operations that combine the service’s unique authorities, capabilities, and workforce to deliver mission success. Through our role in DHS and the DOD’s Joint Force, we will execute operations through the law enforcement and military spectrums to impose costs on criminal actors or nation state adversaries. Intelligence, Surveillance & ReconnaissanceLeverage relationships with the Intelligence Community, DOD, Federal Law Enforcement, and foreign allies to employ intelligence, surveillance, and reconnaissance to illuminate adversaries in cyberspace._d1c5240c-f627-11eb-af1b-b862f982ea003.1Intelligence CommunityDODFederal Law Enforcement AgenciesForeign AlliesPlans & OperationsEquip operational commanders with requisite doctrine and innovative capability to plan, use, and integrate cyberspace and enabling activities into U.S. Coast Guard plans and operations across all missions._d1c5257e-f627-11eb-af1b-b862f982ea003.2Operational CommandersTeamsField Cyber Mission Teams and Cyber Support Teams, interoperable with the Joint Force and DHS, to conduct full spectrum cyberspace operations._d1c527ae-f627-11eb-af1b-b862f982ea003.3Cyber Mission TeamsCyber Support TeamsJoint ForceDHSOperational PlanningEnsure cyber enabling activities and cyberspace operations are embedded into the operational planning cycle at the Area and District levels._d1c52934-f627-11eb-af1b-b862f982ea003.4USCG AreasUSCG DistrictsElectromagnetic SpectrumExtend cyber operations through the electromagnetic spectrum in support of operational commanders._d1c52ab0-f627-11eb-af1b-b862f982ea003.5USCG Operational Commanders2021-08-05https://www.uscg.mil/Portals/0/Images/cyber/2021-Cyber-Strategic-Outlook.pdfOwenAmburOwen.Ambur@verizon.net