The United States Coast Guard has recently been making moves to improve its cybersecurity practices. Because the military branch falls under the purview of the Department of Homeland Security, this makes sense. The DHS is looked at in a post-9/11 society as the first line of defense for national security issues. Specifically, the U.S. Coast Guard is restructuring its prior approach, putting its blue team into a new Cyber Operational Assessments Branch. Another change is that, for the first time, the U.S. Coast Guard will have a cybersecurity red team.
In the cybersecurity world, there tend to be two broad camps that most active security teams fall into. The first is the blue team and the second is the red team. Both have a similar goal, namely, hardening their organization’s defenses against potential threats. This includes (but is not limited to) vulnerability assessments, stress testing networks, and designing the infrastructure to be most beneficial in case of an attack. Where they differ, however, is in their actual function. Red teams simulate the role of an attacker via penetration testing, whereas blue teams seek to identify the actions of the attackers on the red team. In short, one causes an incident and the other responds.
Both are necessary. However, both are not always used. This is a mistake, as red and blue teams are symbiotic in nature.
According to a report by the Federal News Network, the Coast Guard now recognizes this. The following is an excerpt that specifically shows how authorities in the Coast Guard are reacting to the new Cyber Operational Assessments Branch:
Lt. Kenneth Miltenberger, the cyber blue team branch chief, said the blue team will continue to provide endpoint scanning, cooperative vulnerability assessments and security consulting for its acquisition operations. “We’re excited to see that kind of fusion — of cooperative assessments, plus [the] red team for some kind of holistic assessments,” Miltenberger said last week in a webinar hosted by ATARC.
The red team will seek to “serve as a cyber adversary emulation and penetration testing organization” for the Coast Guard. The hope is that this may turn the tide in what has been a sore spot for the U.S. military in the past. Cybersecurity protocols have been ineffective, showing clearly that a change was needed. By not just focusing on guessing but rather seeing active attacks in real time, perhaps this program can serve as a jumping-off point for the rest of the U.S. military.