The U.S. Coast Guard has released a new cyber strategy that comes with three lines of effort: defend and operate the service’s Enterprise Mission Platform; safeguard the Marine Transportation System; and operate in and through cyberspace.

The service said the Cyber Strategic Outlook updates its 2015 Cyber Strategy to ensure its readiness to perform all missions in a contested cyber domain, protect the maritime transportation sector through a rule-based international order and counter adversaries in cyberspace.

The Coast Guard outlined measures to defend EMP. These include investing in artificial intelligence, cloud, automation, sensors, mobility and other capabilities to provide a resilient and secure environment for operations, strengthening the cybersecurity posture of supply chains and advancing interoperability with U.S. Cyber Command the Joint Force.

For the second line of effort, the service has proposed to apply the prevention and response framework to help industry manage cyber risks to maritime critical infrastructure, promote information sharing and refine cyber incident reporting requirements and field deployable cyber protection teams, among others.

The Coast Guard will extend cyber operations via the electromagnetic spectrum in support of operational commanders, deploy cyber mission and support teams and leverage relationships with the Department of Defense, intelligence community, federal law enforcement and foreign allies to advance use of intelligence, surveillance and reconnaissance to identify cyberthreat actors, among other steps, to execute the third line of effort.

Rear Adm. Michael Ryan, commander of the Coast Guard’s Cyber Command, said the release of the new strategy comes amid recent cyberattacks on critical infrastructure, according to a report by FedScoop.

“It really is about revitalizing the focus of our organization,” he said of the Cyber Strategic Outlook.

ExecutiveBiz, sister site of GovConDaily and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.

The Senate Homeland Security and Governmental Affairs Committee has issued a 47-page report outlining a list of recommendations to improve the cybersecurity posture of federal agencies. 

The Senate panel’s Federal Cybersecurity report recommends that the Office of Management and Budget (OMB) direct agencies to adopt a risk-based budgeting framework for information technology investments.

The Senate committee called for the U.S. government to take a “centrally coordinated approach” to cybersecurity to ensure accountability and urged the Department of Homeland Security (DHS) to give Congress a plan to update the EINSTEIN system.

The panel has recommended that the Cybersecurity and Infrastructure Security Agency (CISA) expand shared services offerings to agencies.

Congress should amend the Federal Information Security Modernization Act of 2014 to reflect cyber best practices, direct federal agencies and contractors to inform CISA of cyber incidents and formalize the role of CISA as the operational federal cybersecurity lead, according to the report.

The Senate panel also listed some of its findings. The average information security maturity letter grade assigned by inspectors general to federal agencies was a C-.

The committee found that of the eight agencies reviewed, DHS was the only agency to adopt an “effective cybersecurity regime” in 2020. The panel also identified cyber weaknesses among agencies, including the use of systems without authorization to operate, failure to immediately roll out security patches and other vulnerability remediation controls and inability to protect personally identifiable information.

ExecutiveBiz, sister site of GovConDaily and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.

The National Security Agency (NSA) partnered with the Cybersecurity and Infrastructure Security Agency (CISA) to provide guidance on Kubernetes, an open-source automation system used for containerized applications. 

The agencies' Kubernetes Hardening Guidance report tackles threats to Kubernetes and offers risk reduction practices, NSA said Tuesday. Cyber attackers target Kubernetes environments to steal data and computational power or disrupt applications.

The report advises organizations to scan containers for vulnerabilities, separate networks and apply defensive measures such as strong authentication and firewalls.

The agencies also recommend that system administrators periodically review Kubernetes settings and inspect for vulnerabilities. The new guidance aligns with NSA's mission to protect national security systems and the defense industrial base.