The economic vitality and national security of the United States depends on a vast array of interdependent and critical networks, systems, services, and resources that constitute, in part, cyber space. It’s far too easy to take for granted how we communicate, travel, power our homes, bank, run our economy, and manage our integration into the larger “cyber ecosystem.” To better understand future implications and challenges for the Coast Guard and the marine transportation system (MTS), writ large, Sector New York developed a cyber program with three main goals:
- Increase corporate knowledge of cyber security efforts within the Port of New York and vessels calling on the port complex.
- Partner with world-class entities to look for the “best-in-class” cyber practices, then evaluate and harvest those concepts that show promise for applicability to the broader MTS.
- Develop an exercise system that tests and evaluates cyber resiliency, just as we would prepare to respond to any other reasonably likely scenario with the potential to produce severe consequences.
As an operational commander considering where and how best to invest effort, the calculus of risk management makes it essential to consider both the impacts and return on investment in the allocation of scarce resources. It would be relatively easy and benign to wait for somebody else to frame the cyber issues. As U.S. Coast Guard Commandant Admiral Paul Zukunft pointed out at a Center for Strategic and International Studies (CSIS) forum in Washington, D.C., on June 17, 2015, if government agencies can share best practices and establish voluntary standards in cyber security, then enlightened self-interest will prompt private companies to adopt them.1 Discussing cyber vulnerabilities and how a cooperative cyber engagement strategy may mitigate them and allow for a quicker response has been deemed a worthwhile investment.
Yogi Berra once famously opined that “The future ain’t what it used to be.” So, too, the future of cyber security won’t be what it is today. The only foreseeable constant is that it will likely remain difficult to accurately define; it will potentially be unbounded, as cyber intersects across virtually all aspects of politics, society, and the economy, among other aspects of everyday life.
We urge each of you reading this article to consider what resources you have available and how you might con- tribute to the larger dialogue as we think about the future. The cyber issue is not going away—if anything, the challenges will follow an exponential curve as technologies and threats evolve. That makes it an imperative for each of us to continue to understand the threats and mitigate their impacts so we can learn how to better operate within the cyber ecosystem.
High Stakes, High Regard
According to the Lloyd’s (of Lon-don) City Risk Index, cyber attacks outweigh physical terrorism in the amount of gross domestic product (GDP) at risk: $294.15 billion, compared to $98.2 billion. Of the 301 cities analyzed world- wide, New York ranked number one at risk for loss of GDP by way of cyber attack, with a potential vulnerability of $14.08 billion.