
Insider hacking and the Coast Guard

Potential threats from trusted employees multiply, federal audit says

Coast Guard Cutter EDISTO operates from Southern California to Central America.

Is the United States Coast Guard, a key San Diego player in the battle against drug smuggling and human trafficking from Mexico, setting itself up for computer attacks mounted by its own most trusted employees?

So concludes a March 27 audit of the service's gaping information system vulnerabilities by the Inspector General's office of the Department of Homeland Security.

With billions of dollars tied up in illicit border traffic, it is well known among the feds that substantial bribes can be had from major smugglers for politicos and law-enforcement types with the ability to penetrate data networks.

"Trusted insiders could be given elevated access to mission-critical assets, including personnel, facilities, information, equipment, networks, or systems. Potential threats can include damage to the United States through espionage, terrorism, and unauthorized disclosure of national security information," says the audit document.

"Trusted insiders may also be aware of weaknesses in organizational policies and procedures, as well as physical and technical vulnerabilities in computer networks and information systems."

According to the audit, "In the wrong hands, insiders use this knowledge to facilitate malicious attacks on their own or collude with external attackers to carry out such attacks."

The situation has grown worrisome enough, the report says, that a formal charter was signed in February 2012 to set up the "Coast Guard Insider Threat Working Group to serve as a focal point for addressing insider threat issues."

As a result, some security holes, discovered during a review at Coast Guard headquarters in Washington DC and the air station at Ronald Reagan National Airport, have been plugged, but serious problems remain, the investigation found.

"Our technical testing demonstrated that unauthorized removable media devices can be connected to [Coast Guard computer] assets and used to remove simulated sensitive information," the auditors said. "Using login accounts supplied by USCG, we were able to transfer simulated sensitive information to and from [computer] assets using unauthorized removable media devices at multiple [Coast Guard] locations."

In addition, the audit showed "that simulated sensitive information could be sent from a USCG issued email account to an external personal email account. The failure to prevent the unauthorized removal or transfer of sensitive information through email provides a malicious insider the opportunity to carry out such an attack, making it difficult for an organization to protect itself."

The auditors added that they had "found external hard drives that were unattended and not properly locked and secured."

"When external hard drives are not properly secured, the risk of unauthorized access or theft from insiders increases." Besides that, wireless routers and laptops were found to be lying loose around the offices, according to the report.

Detection of possible on-staff miscreants has also been neglected, the document says, with a serious time lag in conducting "insider threat based security awareness training."

The Coast Guard's Counterintelligence Service is taking until September 30 of this year to finish the job, the audit notes.

"Until such training is fully implemented, USCG employees may not be aware of or have the knowledge to recognize insider threat behavior, or the appropriate process to report potential insider threats or actual attacks."

Comments
6

I'm not sure the CG is in a true mode of self-examination. It is hard to know just what the CG is, let alone what it stands for. Not long ago we had a truly tragic case of a CG patrol boat running down a civilian craft, killing an eight-year-old boy, as I recall. After a lengthy "investigation" the CG charged one of its petty officers with manslaughter in the case of "hot dogging" an overpowered boat into a pack of civilian watercraft that were out for recreation. The result was that a CG court martial acquitted the perp of all the serious charges, and also exonerated a group of others who were also culpable. In short, the U.S. Coast Guard utterly failed to "man up" to some really bad decisions and failures of leadership. After that episode, I lost any confidence I might have ever had about the professionalism and honesty of the CG. It was a disgrace to the service and to the USA!

So, what's new?

April 9, 2015

I agree with you, Visduh. That was a shameful incident that remains a stain on the Coast Guard.

April 10, 2015

Thanks. The standard answer to all this would be to appropriate more money to the CG. The drug interdiction that sends CG vessels out onto the high seas, hundreds of miles from any US territory, has to be sapping their ability to perform their primary mission, which at least used to be, rescue of vessels in distress.

The CG was doing OK until 9/11. But the security mission got them into all sorts of things that didn't make us more secure. That patrol boat that rammed the civilian craft right in San Diego Bay was one of the things they got in the name of security. And so they put an immature bunch of youngsters into the boat, and they did just what you might expect, race around in it like hot-rodding teens and those just past that age could be expected to do.

April 10, 2015

Visduh: You are right about the boating accident. That was a terrible tragedy and the CG held those people accountable. It also caused a change in the screening and qualification process to avoid things like that in the future.

You are, however, extremely wrong in your comments about 'security missions'. The CG has conducted security and law enforcement missions since 1790. Did you know that in WWI the CG had the highest percentage of casualties as a whole per US armed forces? In WWII the CG was responsible for escorting merchant ships across the Atlantic where they hunted submarines. Thousands of coasties were killed. Right now specialized CG teams are conducting counter piracy missions off the coast of Africa because under international law if the navy engages pirates it's an act of war. Search and rescue is the 'bread and butter' of CG missions alright, but it is because they are the best in the world at it. However it's not the CG's primary mission.

Have you ever been to the ports of Los Angeles or NY? The CG works 24/7 at these ports to keep terrorists from blowing them up. Not just by driving boats but also planning and intelligence. Every day ships come to our ports from places like Iraq and China. Coast Guard teams board these ships offshore and ensure they are safe and secure prior to entering our waters. And for shipping safety the CG is the lead federal agency for SOLAS, or safety of life at sea where they inspect and regulate the shipping industry ensuring that all ships both domestic and international that deal in US commerce are doing it to an industry standard. Oh and the CG is also the lead federal agency for protection of our marine ecosystem and preventing oil disasters. The CG enforces the laws that protect the oceanic environment and keep our seas from being overfished.

Like I said, I agree with you on the boat accident, but please do research before making comments that may not be accurate.

April 11, 2015

Hookay, you say the CG held those miscreants "accountable" for that boat crash. If you think that the light-to-almost-non-existent punishments meted out constitute accountability, you have a most generous definition of the term. The most egregious of the bunch was convicted of a minor offense and given a slap on the wrist with a ruler. He wasn't kicked out of the CG, and was still telling the public that he hoped to make it a career! Did they allow him or any of the others to re-enlist?

Other than that, I don't dispute what you say. In fact, your comments tend to illustrate my point, which was that the CG is spread thin, trying to do too many things without adequate resources. As to them being used to control Somali pirates, all I can say is that a mission half a world away is a job for the Navy. And what difference does it make if a pirate band or vessel engages or is engaged by our Navy? Let the bums go to war with the US! When all civilized nations decide to end the scourge of piracy as they did about two hundred years ago, it will stop. The rope and yardarm were a wonderful deterrent to would-be pirates then.

Mentioning the history of the service doesn't deal with today's shortcomings. Actually the CG was founded to stop smugglers from evading US tariff laws, and so its original purpose was revenue based. That also explains why the CG spent most of its existence as part of the Treasury Department.

April 11, 2015

Totally agree that the Coast Guard is underfunded, especially since they are so critical to US security. The CG has always been stretched thin and Congress is way too eager to trim the CG's budget whenever it can to appropriate more money to the DOD.

The operator of that boat was sentenced to 3 months in the brig with reduction in pay grade. That doesn't mean he gets reduced pay, it means that while he's locked up he's stripped of rank. Basically a kick in the balls. There was no chance of retention after a court-martial where one is found guilty; if you are going to serve time however in a military brig you still have to have a military rank. He was separated immediately following confinement. The CG then turned over its own investigation to the civil courts so the family could file their own suits against the operator with heavier consequences. The other members were all separated but one, I believe, and my sources tell me that he wasn't allowed to re-enlist. I agree it does seem like a bit of a slap on the wrist, but that is why the CG wanted to separate and turn the case over since it was a double jeopardy situation and they knew the civil court would be able to hand out a healthier punishment.

The night of the accident the CG boat wasn't doing the 50 plus knots it's capable of (the media of course blew it out of proportion); they were actually doing 19. They were responding to a non emergent grounded vessel. Because the vessel was not in danger the CG boat should have been traveling 8 knots. The vessel it ended up hitting was actually unlit which is a violation of inland navigation rules. I'm not trying to stick up for the crew here, but showing that from the facts that were present the CG prosecutor couldn't get a homicide charge verdict, so they went for the dereliction of duty charge since it was the most likely to stick. Like I said, though, they handed the investigation over to the family's attorneys in order to prosecute the operator in civilian court.

Very unfortunate a little boy lost his life. But it was an isolated situation and it doesn't represent the professionalism of the CG as a whole.

April 12, 2015
