49 Spring 2025 Proceedings approach above—to only allow known and expected communications. The last group of recommendations falls under inci- dent response, or how to limit the impact of intrusions and recover affected systems. This can involve redun- dant controls on a separate network, forced disconnec- tion or isolation in response to identified threats, or even just training for system owners and operators on effec- tive response measures. Leveraging a Joint Capability There are multiple approaches toward implementation of cybersecurity strategies, and the RDC is currently exploring one such path in partnership with the Naval Sea Systems Command (NAVSEA). The Situational Awareness, Boundary Enforcement, and Response (SABER) program is a Navy cyber resiliency program of record focusing on afloat platforms. As such, the partner- ship offers an opportunity for the Coast Guard to syn- chronize elements of fleet cyber defense with its routine Defense partner. Understandably, Coast Guard and Navy require- ments do not always align. The RDC is focused on iden- tifying SABER elements that appropriately support the Coast Guard mission set and assets as defined under the Department of Homeland Security, while also exploring opportunities to adapt, improve, and further develop existing Coast Guard requirements. Building cyber resil- iency into platforms at the design stage is understand- ably more efficient than retrofitting solutions to existing systems. The age of the Coast Guard fleet is well-documented, however, and it is imperative to ensure that both new software and new hardware are fully interoperable with existing control systems. Availability and reliability are the top priorities for OT, so potential security benefits must be weighed against potential performance impacts. The RDC has been able to mitigate this risk in part by testing initial SABER capabilities on a simulator typically used for maintenance training. While not all networks are physically represented, enough devices are present on the existing networks to gauge the potential impact of operating the cybersecurity system during normal operations, even if the traffic is not fully equivalent. This conservative approach also provides an opportunity to demonstrate potential solutions to subject matter experts in a controlled and accessible environment, guiding future development. Testing on operational systems is clearly important, and the RDC leverages its connections with the fleet for proof-of-concept, verification, and validation testing to better account for the wide range of requirements across the afloat community. Testing cyber resiliency on cutters gives the RDC the opportunity to engage with potential end users of the system and incorporate additional design requirements that may not be immediately evident in a lab environment. By including crewmembers in testing, the RDC has been better able to identify which tools are essential for mission cyber defense and understand how they can be implemented in a manner that is effective and unobtrusive. This also applies to the physical ele- ments. Size, weight, and power are more of a concern for mobile platforms than fixed sites and understanding interferences and limits for hardware is essential. This has also provided value for NAVSEA, as the Coast Guard fleet, being designed and operated for a different mission set, operates at a different scale and a different level of flexibility. The joint cyber resiliency collaboration between the RDC and NAVSEA continues to provide valuable opportunities for both partners, and the center intends to continue leveraging this relationship for the Coast Guard’s benefit. OT cybersecurity is becoming increas- ingly critical to safeguarding an increasingly intercon- nected nation, and the Coast Guard aims to keep pace with developments in this field for the benefit of all. About the author: Robert Coburn has worked at the Coast Guard Research and Develop- ment Center for four years with a general focus on improving mobile data-collection capabilities. He also has four years of private-sector expe- rience supporting maintenance analysis. Endnotes: 1. CEO of Dozens of Companies and Entities in Florida and New Jersey Admits Role in Massive Scheme to Traffic in Fraudulent and Counterfeit Cisco Networking Equipment, Press Release 23-164, U.S. Attorney’s Office, District of New Jersey, 2023 2. Ibid 3. Ibid 4. The Internet of Everything, Global Private Sector Economic Analysis, Frequently Asked Questions, Cisco, 2013 5. Naval Dome: Cyberattacks on OT Systems on the Rise, The Maritime Executive, 2020 6. Cyber Strategic Outlook, United States Coast Guard, 2021 7. Ibid 8. Ibid 9. ICS Recommended Practices, CISA. https://www.cisa.gov/resources-tools/ resources/ics-recommended-practices 10. Mitigations for Security Vulnerabilities Found in Control System Networks, Instrumentation, Systems and Automation Society (ISA), 2006 11. Where Did All My Bandwidth Go?, SANS Institute Reading Room, Todd Thompson, 2001 More details on these strategies can be found on CISA’s ICS Recommended Practices page at https://bit.ly/ICSPractices. For more information
