Waterways Journal Editorial
WJ Editorial

Initiative Addresses Cybersecurity On And Off Waterways

Few people know that the Coast Guard has a long and storied history in codebreaking and counter-espionage. The 2017 book The Woman Who Smashed Codes, by journalist Jason Fagone, tells the story of Elizebeth Freidman and her husband, William. Together they founded most of the code-breaking institutions and teams in the United States, including what would later become the National Security Agency. Elizebeth worked for the Coast Guard throughout the 1930s, managing the only sophisticated code-breaking operation in the entire federal government. It was necessary because rum runners, whom the Coast Guard was charged with interdicting, used elaborate radio coding systems. 

Because she was a woman, disliked publicity and worked in secret, Elizebeth’s contributions were long overlooked. While at the Coast Guard, Elizebeth broke several versions of the German Enigma machine using pencil and paper alone to figure out its wiring—completely independently of the British whose Bletchley Park efforts are better known, and without the benefit of having a physical machine as the British did. She and her team also broke the Japanese diplomatic ciphers that enabled the U.S. to read Japanese coded traffic during World War II. Her unit provided all of the radio intercepts used to infiltrate and round up Nazi spy rings in South America, which J. Edgar Hoover’s FBI later took credit for. 

In our wired world, cybersecurity isn’t “just cyber” anymore. It’s entwined with everything else. Massive database hacks are routine occurrences. For every publicized ransomware attack like the one on the Colonial Pipeline earlier this spring (which also compromised the personal information of 5,810 people, it was recently revealed), there are dozens that never make the news because their victims quietly pay. Hackers operating out of rogue states often know the precise “pain points” at which victims figure it is cheaper and less of a hassle to pay rather than refer the matter to law enforcement, whose efforts can have uncertain outcomes. 

The Coast Guard’s Cyber Readiness Institute, founded in July 2017, develops free resources to improve cyber readiness for small and medium-sized businesses (WJ, February 5). Most of its resources focus on human behavior, which still provides most open windows for hackers to exploit. 

Sign up for Waterway Journal's weekly newsletter.Our weekly newsletter delivers the latest inland marine news straight to your inbox including breaking news, our exclusive columns and much more.

A relatively new federal agency is helping to coordinate cybersecurity efforts. The Cybersecurity and Infrastructure Security Agency (CISA) was created by the Cybersecurity and Infrastructure Security Act, which President Donald Trump signed into law in 2018 in response to the stepped-up threat levels. CISA calls itself “the nation’s risk advisor” and is a successor agency within the Department of Homeland Security to the National Protection and Programs Directorate (NPPD). Its remit is broad, including not just cybersecurity but all aspects of physical infrastructure security. It partners with many other private and public entities, including maritime agencies, offering many free resources that can be useful to the maritime community. 

On August 6, CISA announced it was standing up a new collaborative initiative, the Joint Cyber Defense Collaborative (JCDC), which develops cybersecurity plans in collaboration with public and private partners. Part of the fruits of the partnership is the recent alert sent out by the Coast Guard to members of the maritime community regarding possible malware installed in BlackBerry QNX versions 6.5 or below that is mentioned in this issue’s Washington Waves.

At a time when cyber and physical security are on our minds, it is good to take note of these agencies and their resources and do what we can as an industry to protect our businesses and employees.