Commercial Vessel Compliance

4/22/2015: Coast Guard Commandant on Cybersecurity

Last week, the American Waterway Operators held their 2015 spring convention in Washington, D.C.

Coast Guard Commandant, Adm. Paul Zukunft was the keynote speaker. Zukunft remarks focused on Transnational Criminal Networks, developments in the Arctic, cybersecurity and the American energy renaissance.

For those of you who were unable to attend, Maritime Commons is providing a condensed version of the Commandant’s remarks from the convention in a four-part series.

Subscribe and stay tuned!

Delivered by Adm. Paul Zukunft


The Coast Guard has a statutory role to ensure that vessels and facilities are secure and resilient. This requires a close working relationship with industry to protect maritime operators and facilities from cyber-related threats.

Cyber has become a critically important growth area for the Coast Guard.

The Coast Guard is the Sector Specific Agency, or SSA, for the maritime critical infrastructure transportation sector and, as such, we are charged with protecting all maritime critical infrastructure from attacks, accidents and disasters.

When I visit maritime facilities – which I do with frequency – I always make note of the high fences, cameras and physical security measures that have been in place since 2002. However, that is a small part of any security plan in 2015.

The 1’s and 0’s launched in a cyber attack aren’t deterred by fences. I worry about supervisory control and data acquisition, or SCADA, systems, ship control systems, cranes and the automated technology upon which our entire economic system is now based.

Bad actors don’t need to blow up a ship…in fact, if they can seize control of its operating system, they don’t ever need to step foot on it. I am not trying to cast undue fear but, if we are not thinking about this, we can be certain that someone else is.

I think about this issue from two viewpoints. As I just detailed, there is clearly a security angle to consider. But, I am also concerned about the safety of our maritime transportation system and those who ply its waters. It’s not just hackers who can shut down a control system.

How many of you have gone home at night with a perfectly good computer on your desk only to return the next morning and find the “blue screen of death” awaiting you, thanks to an IT patch uploaded overnight? While it’s an annoyance in an office environment, it could be far more serious in a ship’s control system.

How are we managing that vulnerability? It’s among the kind of things we need to consider with today’s fleet.
In concert with the Department of Homeland Security, I will soon be signing and implementing a cyber strategy that will chart our way forward in this critical domain.

In addition to this post, be sure to read the other three posts from the American Waterway Operators spring convention.

Part 1: Transnational Criminal Organizations
Part 2: American Energy Renaissance
Part 3: Cybersecurity
Part 4: Developments in the Arctic

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.

Leave a Reply