Are you the weakest cybersecurity link at your agency?

An agency can build the strongest barriers to keep intruders out of its IT systems, but one slip by a single employee can inadvertently put the whole system at risk.

When it comes to protecting the cyber domain at his command, Adm. Paul F. Zukunft, Commandant of the Coast Guard, said that the weakest link can be the human capital resource component.

“It comes down to what I call ‘cyber hygiene,'” he said. “We see that not just with the Coast Guard, but we see that throughout every organization.”

“Who do you have protecting your facility internally and externally against zeros and ones that may threaten to take down your facility?” he said. “It is a daily occurrence in the U.S. Coast Guard where we have an internal patch that we need to apply because somebody took a shortcut. They are smarter than the guidance that we provide them that say ‘You shall not do this.’ Folks go ahead and do that and then they compromise our entire system.”

To tackle such incidents, the Coast Guard recently stood up a 70-person cyber command to oversee its IT systems.

“It may not seem like a lot, but they can have awareness across our full operating domain cyber within the Coast Guard,” Zukunft said. “So, daily they can look at where those potential leaks are, malware that may be introduced and then go out and fix it.”

In establishing the cyber command, Zukunft told the 70 experts that they needed to specialize in this discipline into perpetuity. Rather than cycling out of the command ever two or three years, they needed to be cyber specialists.

“You really need to be specialized,” he said. “Especially in this field of work, because it changes so rapidly that you need to have folks keeping pace with the changes that take place around us.”

The Coast Guard’s cyber strategy focuses on three areas:

• Defending its internal systems from attack;
• Enabling Coast Guard operations within its cyber systems;
• Protecting the nation’s critical infrastructure.

Good cyber hygiene across these three areas is crucial to preventing cyber intrusions.

“We need it to protect our cyber domain, we need to enable our operations and we need it to protect our critical infrastructure,” Zukunft said. “So this template, if you will, for a strategy, yes it applies, if you’re private/public sector. Unfortunately, it also applies if you’re one of our adversaries as well, who we do not want to be found in the cyber domain.”

The challenge, he said, is that no matter how diligent one is about training and screening individuals and building a secure infrastructure, there will always be single points of failure.

“You could have 99.9 percent compliance and then one individual,” Zukunft said. “Look what a Snowden did to our credibility and the level that compromised. One individual and this is malicious. So, those are the real challenges that you face. Part of that is in the screening process of who you bring into your organization. Who do you issue a CAT card to that provides them with unfettered access to our domain. So, we need to think a little bit longer and smarter about how we do that.”

RELATED STORIES:

Coast Guard Commandant lays out budget, acquisition challenges for year ahead

U.S. Cyber Command wants DISA to take greater role in DoD cyber defense

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.