Coast Guard Needs Fresh IT, People to Keep Networks Secure


The service’s head of Cyber Command outlines his strategy for updating old systems and getting personnel to rethink cybersecurity.

With cyberattacks growing more frequent and sophisticated than ever before, a small Coast Guard office is busy updating the service’s old IT systems to stay one-step ahead of the latest online threats.

As head of the branch’s Cyber Command, Rear Adm. Kevin Lunday is tasked with defending the IT networks, telecommunications, and command and control systems for the service’s global fleet. In a conversation with Nextgov, he outlined his plans for keeping the service safe and stressed the need for agencies to change the way they view security in the years ahead.

“If we think about cyberspace as an operational domain … it means investing in [technology] as a strategic asset,” he said. “You can’t paint a racing stripe on it … like we do with our cutters and our aircraft, but it’s just as important to getting the mission done as the traditional assets that are very visible.”

Since taking the helm of CGCYBER in 2015, Lunday has overseen the service’s efforts to build agile IT systems that can be constantly updated against the latest threats.

The Coast Guard is on track to complete the first phase of its IT modernization plan, which entails updating the hodgepodge of outdated operating systems in the branch’s IT infrastructure to Windows 10, by the end of March, he said.

The initiative would not only equip officers with a more secure operating system but has also required upgrading most of the branch’s computer hardware and network infrastructure, he said. It also marks a big step toward the Pentagon’s proposed Joint Information Environment.

CGCYBER is also responsible for supporting the Coast Guard’s recent investments in the biometric and unmanned aircraft technologies that help intercept international traffickers and criminals before they enter the country, he said.

But while the agency needs the right tools to accomplish its mission, the “people, not technology, are most important,” Lunday said.

Like other federal agencies, the Coast Guard has found it difficult to hire talented IT and cybersecurity personnel, Lunday said. As the government’s overall IT workforce rapidly ages, Lunday said it’s essential to enlist active-duty members, reserve officers and contractors to strengthen the agency’s stance in cyberspace.

As a military branch housed within the Homeland Security Department, the Coast Guard has relied on both the Defense and Homeland Security departments’ training programs get personnel up-to-speed on much-needed cyber skills, Lunday said. His office is also assembling a tactical cyber team that will ultimately include 39 experts capable of rapidly responding to attacks on the country’s ports and maritime infrastructure.

Lunday also stressed the need to build relationships with cyber experts in the private sector, and get government employees to rethink how they interact with technology. Rapidly evolving risks means compliance guidelines won’t always cover the newest threats, and Lunday said it’s crucial his team and federal employees generally play an active role in their own online protection.

“If we get every user to think of [cyberspace] as an operational domain, and to approach it with an operational readiness mindset, than that’s a much more productive approach in terms of network security,” he said. “Every time you log onto your computer, you’re in the operational domain of cyberspace—most people don’t think that way yet, but we’re learning.”