Admiral Paul Zukunft became the 25th Commandant of the U.S. Coast Guard in May 2014, overseeing 88,000 active duty, reserve, civilian and volunteer auxiliary personnel. Shortly, Zukunft will issue the Coast Guard's first cybersecurity strategy, which he discussed recently in an interview with Federal Times Editor Steve Watkins and other Gannett Government Media editors and reporters.
How does today's budget uncertainty affect your ability to work?
Now that we have an appropriation, my FY15 appropriation actually takes me a level below what our budget was post-sequestration in 2013. A big chunk of that comes out of our acquisition portfolio, not in our ability to do frontline operations. But it does stymie our ability to recapitalize at a rate that's more cost-effective, especially at a point in time [when] the next major acquisition for the Coast Guard will be our offshore patrol cutter to replace what today are 50-year-old ships that are still doing frontline operations. So, the acquisition slice of our appropriation and our budgets going forward is an area of concern, which is why we've identified areas of emphasis where our authorities are resident and why you need these platforms in the 21stcentury.
We understand there was about a 40 percent drop in the acquisitions budget for fiscal '16. How are you balancing that with the need to recapitalize the force?
Where that's coming from is, it goes from a high-water mark that we had several years ago of $1.5 billion to a level that puts us just over $1 billion in our major acquisition portfolio. It comes at the same time where we'll finish building out our eighth national security cutter. And so now that we have a full appropriation for 2015 we can let the contract for the final national security cutter. So it completes that program of record. It buys us a little bit of trade space. It allows me to continue to build six fast-response cutters per year. The main piece that isn't in that budget right now is my ability to go forward fully funded for the offshore patrol cutter. And that's an area that we need to rectify.
What is your cyber focus and who are the personnel both civilian and military who are uniformed who are going to do it?
So, we've created a Cyber Command within the Coast Guard. We work very closely with Cyber Command and Adm. [Mike] Rogers. Our cyber strategy has three lines of effort. The first is we need to be able to protect our cyber equities. And at the same time, if you're protecting them, you need to be aware of who's trying to penetrate your system. And if they are, you better have resiliency. And even something as fundamental, as I said earlier, if you're launching a boat, launching a helicopter, whatever, what is the cyber environment that you find yourself entering? Did you just replace a module on one of your key components? And do you have assurance that's not infected with a virus? So that's one line of effort.
The other is to be able to sustain operations in a cyber threat environment. But as you gain awareness, then who do you share that information with? We have a component within the Department of Homeland Security. How do you assign attribution to a cyber event that's taking place? And then, what are the counter measures, if you will, that were to take place? A third line of effort is protecting infrastructure. And this really builds upon a broad suite of authorities that the Coast Guard has under the Maritime Transportation Security Act of 2002. It allows us to enforce internationally renowned security standards on facilities. We got about 3,600 of those that do international trade in the United States, and also ships that call on those facilities. Initially those standards were you need fencing, you need lighting, cameras, credentials to access the facility. Well, now, it's really what are you doing about cyber?
And if you have a cyber event taking place — we have what's called Area Maritime Security Committees in all of our ports — and so if a facility operator says, 'The gantry's not working today.' About 95 percent of it is automated. It can't find that container. And then another facility operator says, 'Well, I've got the same thing going on.' Well, we can push this up to a national level. So, it's a whole new domain,; there's rules of engagement. When you think cyber, think electronic warfare. But it's not against competing militaries. Every private sector, public sector, military, everything is fair game when it comes to cyber. So that's the role of the Coast Guard because we operate in the dot-gov, dot-com and dot-mil domains when it comes to protecting infrastructure. We're working, cross-walking the strategy right now with a number of stakeholders. And again, I hope to have this signed out in about another month or so.
I'd imagine inside the area of your jurisdiction you've got quite a number of vulnerabilities and a dependence on a lot of civilian entities. When you talk about building your strategy, how does it impact or factor in those civilian entities?
Again, it comes with outreach with our stakeholders. So let's take a shipping firm, for example. A number of folks are not aware that the engines on those ships are typically monitored from ashore. So a ship could be thousands of miles away and they're looking at fuel consumption rates and so forth. And so you can remotely control the settings on that main control console from afar. Now, is that gateway kept completely open? Does that mean someone else might be able to manipulate that and ultimately shut down that console and prevent it from getting underway? The challenge right now is you've got some shipping companies that are fully invested in cyber and others perhaps a little bit complacent and who say, 'Well, why would anyone want to shut us down?' Well, I look at it from the standpoint that 90 percent of our commerce moves by sea. And if it's a state-sponsored activity — or it might be terrorist-related — and if they really want to put a crimp on our economy, look no further than the maritime sector. Just look what happened when we had a work slowdown on the West Coast [due to the dock workers' strike earlier this year], the number of ships that were cued up and in a just-in-time-inventory economy the delays that that caused. But the very same scenario could play out if it was a cyber event, as well. It's a whole new frontier for us, cyber, and it's one I'll make sure that we're ready to operate in, as well.
What are some of your top priority investments in the area of networks, business systems, and other IT infrastructure? And then, if you could discuss a little bit more investments in the workforce.
I mentioned the offshore patrol cutter. So that is going to turn out to be the largest acquisition project in Coast Guard history. And we got that right. We have three competitors. Going beyond that, when you have ships then you need ISR aircraft. And so we were able to acquire 14 C-27J aircraft. And we're missionizing those as I speak. And we'll soon have a squadron of four on the West Coast this time next year. So we're building that process up.
We're the only service that can say in back-to-back years we have a clean financial audit opinion. This is literally an 'all hands on deck' effort for us to be able to do that. It's very labor intensive. And so I need to recapitalize my core accounting system, and that's a major acquisition that we're moving into as well so I have total asset visibility and real-time awareness of what is in the checkbook today. And it takes too long for me to do that. And do I have the inventory? So that's another key piece for us as well.
We're finishing out our Rescue 21 acquisition program that takes a lot of the search out of rescue.
Among your budget priorities, you included maximizing investment with efficient business practices. Can you discuss some of your initiatives in that area?
Well, I look at our Coast Guard headquarters today and we have leased property within the National Capital Region to the tune of $7 million, $8 million that we're paying a lease for. So I am terminating those leases and I'm moving those Coast Guard personnel into our headquarters today. We've looked at where we have excess housing or housing that doesn't meet habitability standards. And so we're divesting those housing units as well. So we're squeezing every drop of efficiency where we can find it. At the same time when you identify efficiencies, I'm holding onto force structure. I cannot draw down the size of the force that we are today. Our active duty Coast Guard today is quite comparable to the same active duty Coast Guard we were just prior to 9/11. And oftentimes when you have budget woes, you start looking at your human resource capital and cashing that out. I can't surge leadership. I can't surge experience. And I can't hire it off the street. So that's one area that I'm holding pretty fast to,: our people.
Would you be open to producing more national security cutters in the future?
We went through a very extensive mission-needs statement. And I'm having our staff revalidate that once again. But each iteration that we've done, at the end of the day, our national requirements come out with eight national security cutters, 25 offshore patrol cutters, and then 58 fast-response cutters. So if we start deviating from what is very well researched and third-party validated numbers, then it invalidates the entire process. So eight is the right number.
You've also talked about the possibility of another polar icebreaker because as it stands you have one and if it gets stuck, no one can come rescue it. Where are those talks?
What I need is top-line relief in my acquisition budget to bring on a recapitalization or even a reactivation of our other heavy icebreaker, the Coast Guard Cutter Polar Sea. A concern of mine this year when we sent the Polar Star, a nearly 40-year-old ship, down into Antarctica — on the way out we had to deviate her and she had to rescue a vessel called the Fishing Vessel, Atlantic Challenger with 26 fisherman on board. They were 150 miles into the ice. Some of this ice was 15 – 18 feet thick, which only a heavy icebreaker can get into. If by chance, the Polar Star had suffered a major engineering casualty, which isn't inconceivable given the age of the ship, who's going to rescue the Polar Star? And the answer is nobody. So I have no buddy system, if you will, for self-rescue within the Coast Guard. So we really need to move that dialogue to an appropriation, whether we activate an older ship — and we're doing an assessment on that right now — or recapitalize. But eventually, we will have to recapitalize that particular fleet.