Tiffin Tuesdays featuring U.S. Coast Guard Captain Andrew Tucci

Captain Andrew Tucci, you have been selected for #TiffinTuesdays for your involvement in the Maritime Risk Symposium.  Why is cyber security so important to the people of our country?

Andrew Tucci
Cyber security is important because a large and rapidly growing portion of our society uses cyber systems. Interconnected computer based systems – my definition of “cyber” - are truly ubiquitous.  Conservative estimates of the growing “Internet of Things” project well over 10 billion connected devices in the next few years. Cyber systems now enable everything from frivolous entertainment systems (another cat video anyone?) to traffic lights, power grids, farming and implanted medical devices. I can’t think of any other technology so completely integrated into society. While we are constantly amazed by the latest clever device, app, or new use of cyber, we are also just now beginning to suspect how cyber security shortfalls can put all of that at risk. By exploiting cyber vulnerabilities, various malicious parties have committed fraud on an immense scale, disabled power grids, taken control of industrial, public safety, and security systems, stolen the private information from hundreds of millions of individuals, smuggled contraband, and carried out disinformation campaigns to distort our very own democracy. I’m optimistic that we can address these risks, but we have much work to do.

How did you get involved with the Symposium?
As a Coast Guard officer I have long studied risk in the maritime domain – indeed, my job description could be described as “maritime risk manager.” I was fortunate to be part of the most recent Symposium at UNC Chapel Hill and I’m really looking forward to the upcoming event at Tiffin.

Who/what groups will be attending the Symposium and why?
The latest registration numbers show that we’ll have an overflowing house! We have representatives from all of the armed services, across DHS and government, academia, and of course the maritime and cyber industries. I think we can attribute this strong showing first to the Symposium’s organizers and the success of past events. I also think it is also fair to say that the maritime industry is somewhat behind others in addressing cyber security, but is now seeing this as a unique opportunity to make progress. Finally, the International Maritime Organization, the U.S. Coast Guard and various marine industry groups have all come out with preliminary cyber security standards in the last 18 months or so. These milestones, preliminary as they are, have helped raise awareness and build momentum.

What is your background in cyber security?
Let’s just say that I’ll be one of the least educated persons at this year’s symposium. I had virtually no training or exposure to this field before 2011, when I was assigned to an office at Coast Guard Headquarters with port security responsibilities. That position was traditionally associated with physical security threats to ports and commercial vessels, but people were starting to discuss the possibility of cyber threats as well. I started looking into that and soon realized that cyber was a rapidly growing portion of the total risk exposure, and if we were to do our job well, we’d have to figure this out. Since then I’ve had the good fortune to work with and learn from many experts in this field. That on the job training enabled me to contribute to the Coast Guard’s Cyber Strategy and several supporting standards, best practices, and tools. I learn more every day and the Symposium will be another step in my learning process.

Have you been involved in other Symposiums? Is there anything special/new/exciting coming to this year’s Symposium?
I have been involved in other Symposiums, and with a host of workshops, conferences, training events, and meetings at the international, national, and local level. Those hotel conference rooms all look the same, but this is such a growing field that there is always something to learn. The Maritime Risk Symposium is the gold standard of these events because of the caliber of the speakers and organizers.

Is there anything else you would like to share about the Symposium?
I’ll be actively encouraging the speakers and attendees to build on the event and help us all move forward. From an organizer’s perspective the two things that most define success are questions from the audience and the “hot wash” at the end where we take those issues and identify ways to make and sustain progress before the next event.

 

Undefined

Cyber security is important because a large and rapidly growing portion of our society uses cyber systems. Interconnected computer based systems - my definition of "cyber" - are truly ubiquitous.