Skip to main content
USNI Logo USNI Logo USNI Logo
Donate
  • Cart
  • Join or Log In
  • Search

Main navigation

  • About Us
  • Membership
  • Books & Press
  • USNI News
  • Proceedings
  • Naval History
  • Archives
  • Events
  • Donate
USNI Logo USNI Logo USNI Logo
Donate
  • Cart
  • Join or Log In
  • Search

Main navigation (Sticky)

  • About Us
  • Membership
  • Books & Press
  • USNI News
  • Proceedings
  • Naval History
  • Archives
  • Events
  • Donate

Sub Menu

  • Essay Contests
    • About Essay Contests
    • Innovation for Sea Power
    • Marine Corps
    • Naval Intelligence
  • Current Issue
  • The Proceedings Podcast
  • American Sea Power Project
  • Contact Proceedings
    • Submission Guidelines
    • Media Inquiries
  • All Issues
Coast Guard HC-130 flies over the Sincerity Ace in December 2018.
Because the Coast Guard takes data from and provides data to civilian users, it cannot operate on military networks alone. Here a Coast Guard HC-130 participates in a search-and-rescue mission for the Sincerity Ace on 31 December 2018 in the north Pacific.
U.S. Coast Guard

Sub Menu

  • Essay Contests
    • About Essay Contests
    • Innovation for Sea Power
    • Marine Corps
    • Naval Intelligence
  • Current Issue
  • The Proceedings Podcast
  • American Sea Power Project
  • Contact Proceedings
    • Submission Guidelines
    • Media Inquiries
  • All Issues

The Coast Guard Needs a Second IT Network for Primary Missions

By Lieutenant Ian King, U.S. Coast Guard
August 2020
Proceedings
Vol. 146/8/1,410
Now Hear This
View Issue
Comments
Body

The Coast Guard has a distinct blend of military and civilian-like missions. The distinction is clear compared with other branches of the U.S. military, other government agencies, or even other countries’ respective maritime forces. Often, this blend is an asset to the service because of how it enables integration on a U.S. or allied naval vessel with law enforcement authority, or the ability to respond nimbly to natural disasters. The Coast Guard has limits, though, particularly in computers and networks. 

The Coast Guard’s dual role as a military service and a regulatory public safety agency means that it needs its own information technology (IT) governance, specifically on secondary networks to carry out missions that cannot take place on primary networks. Creating a secondary network would improve mission support while protecting the critical Department of Defense Information Network (DoDIN).

The choices to permit or deny network traffic technically are made at individual firewalls, servers, switches, and routers that make up a network, but most large-scale networks tend to operate on “default deny” or “default permit” premises—default settings that most network security equipment require. That underlying network philosophy determines how a network is structured and monitored, how applications are built on top of the network, and how users interact with data. A default deny stance requires explicitly deciding what sort of traffic is allowed in or out of the network. The safest network is one that allows no traffic in or out. Like a building with no doors or windows, however, it has limited utility and cannot serve broader mission needs. While the Defense Information Systems Agency (DISA), which controls the majority of policy on DoD information networks, does not declare or require a full default-deny policy, many of its requirements effectively impose such a posture, especially for interactions with external entities.

The Coast Guard’s main network, CGOne, exists as an enclave within the DoDIN, which has wide-ranging benefits of management, cost, interoperability, and security. The Coast Guard’s IT needs, however, often deviate substantially from that of DoD, particularly because a great deal of mission-essential Coast Guard communication involves non-DoD entities. DISA governance of CGOne causes occasional disconnects where an upstream network policy impacts Coast Guard or public end users trying to access a Coast Guard application or data. To play by DISA’s rules, the Coast Guard has to rework applications, apply for exceptions to DISA rules, or stop supporting applications or services.

There is distinct incongruence having a default-deny posture while the Coast Guard also maintains its role as a regulatory and public safety agency. The other military services generally lack the role of the Coast Guard as arbiters of information to the public. While all military services must comply with FOIA requests, the Coast Guard also gathers data from the private and public sectors and supplies data to them—important types of data, including commercial ship arrival and departure information, U.S.-flagged commercial ship locational data, voluntary ship position reports for search and rescue purposes, and secure communications with mariners. For all this information and more, the Coast Guard must maintain general web services to enable sharing with the public.

Search and rescue is one area where an alternative network solution would benefit the Coast Guard’s ability to receive and share information. In the middle of the ocean, there are few Coast Guard or Navy assets that can be diverted to respond to a distress call. There are, however, countless commercial vessels constantly transiting all shipping lanes. That is where the Automated Mutual-Assistance Vessel Rescue System (AMVER) comes in. A voluntary program, AMVER’s purpose is only to facilitate search and rescue, with hard limits against using the ship position data for any other purpose. There is no need to share the data on classified networks because it cannot be used for law enforcement or other purposes, so including it in military networks offers no additional benefits. Yet, currently the Coast Guard system that handles AMVER data is subject to DISA regulation, which costs extra money and places unnecessary restrictions on its use.  AMVER benefits from participation from as many ships as possible to increase the odds of a ship being able to respond to an emergency on another ship. Default-deny postures can result in accidental blocking of submission of position reports, particularly coming from commercial server or email domains as most submissions to the Coast Guard’s AMVER system do. IP address or domain whitelisting, or explicit allowance, can only go so far with new participants and seemingly endless new communication providers. 

AMVER traffic patterns and density
The U.S. Coast Guard participates in the world-wide Automated Mutual-Assistance Vessel
Rescue System (AMVER). This graphic depicts traffic patterns and density of AMVER reporting.

Another example that demonstrates the need for a secondary network is the Long-Range Identification and Tracking (LRIT) system, which shares a lot of characteristics with other information systems, namely ship positional data. The difference, however, is that LRIT is a system mandated by the International Maritime Organization (IMO) and, as member a state, the United States must comply with the IMO’s LRIT governance rules. One of the key features of the LRIT system is the requirement that countries share their own respective flag ship positions with other countries. For example, the U.S. LRIT system shares the position of a U.S. flag merchant ship with Italy when it approaches that country’s coast, and China must provide position data for its merchants to the United States when they approach the U.S. coast. Fortunately, the global LRIT system relies heavily on the International Data Exchange (IDE), which distributes data to the countries that are entitled to it. This alleviates some of the concerns about the classic networking problem by having a hub-and-spoke type model rather than hundreds of crisscrossing nodes. The primary site for the IDE is the European Maritime Safety Administration, and the backup site is the U.S. Coast Guard’s Operations Systems Center, in Martinsburg, West Virginia, where the majority of the service’s other business IT applications are housed, including the U.S. version of LRIT. 

Simply connecting the U.S. LRIT to the IDE is a challenge of its own in a military network, but the level of complexity required to operate the backup IDE site is even more challenging. Specifically, the IMO requirements laid out in the Continuity of Service Plan for the LRIT System state “the IDE operator should be cognizant of firewall restrictions at the DR [disaster recovery] site and should ensure there are no restrictions at the DR site on the IP addresses accessing the production system.” For a default-deny network, this sort of open traffic communications requires a lot of control, and it also requires other participants to keep their own systems relatively static. With limited control over the outer edges of the network, and other countries changing their own system configurations and IP addresses in accordance with internal cybersecurity practices, this is a Sisyphean task that forces the U.S. Coast Guard out of compliance with its own obligations.

While these two systems that deal with public ship position information are clear cases of how and why hosting within the DoDIN is incompatible, there are other efficiencies and improvements to be found from hosting other applications or portions of applications outside DoD networks as well. There are a number of other services that allow the public to send information into or extract it from Coast Guard applications, such as web services that enable third-party developers to build their own applications for arrival and departure information for ships. A cruise line, for example, might want to build a feature into its own internal voyage planning software, or a container line might want to be able to submit bulk uploads for its regularly scheduled services, saving the ships’ masters from individually entering each port call. In networking, a widely employed concept is known as a “demilitarized zone,” (aptly named for its analogous real-world version) which exists outside a primary network and is open to the broad internet. Using the earlier building analogy, a network demilitarized zone offers an unlocked door into the building’s empty foyer where there is yet another door protecting the main parts of the building. The necessary data from the Coast Guard’s primary network, CGOne, could still be shared with this secondary network, but keeping the public interfaces separate would enable a degree of separation and security while maintaining connectivity to the public.

The Coast Guard’s flexible authorities and varied operational capabilities allow it to meet its many missions. In the IT realm, however, the Coast Guard needs greater flexibility to deviate from DISA’s military network practices and standards. Because the Coast Guard operates within military, law enforcement, and regulatory environments and must partner with public and private-sector entities, it requires a non-DISA secondary network to fulfill its obligations to other government agencies, foreign partners, and the public.

Lieutenant Ian King, U.S. Coast Guard

Lieutenant King is an active-duty information technology (IT) officer in the Coast Guard. He graduated from the U.S. Coast Guard Academy in 2012 with a Bachelor of Science in government, with a concentration in international affairs. He served as a marine inspector and waterways manager for five years in Norfolk, Virginia, before being selected for the Coast Guard’s IT management postgraduate program. He attended Colorado State University and earned a Master’s in Computer Information Systems. Currently, he serves as a project manager and technical oversight officer for a range of Coast Guard information systems that support maritime domain awareness, law enforcement, search and rescue, and aids to navigation missions. 

More Stories From This Author View Biography

Related Articles

An MH-65 Dolphin conducts a formation flight over Port Angeles, Washington.
P Professional Notes

Equip Coast Guard Helicopters with Tactical Data Link

By Lieutenant Commander Andrew N. Breen, U.S. Coast Guard
January 2023
Tactical data links can share information among helicopters, the cutters they support, and U.S. and NATO navy assets with whom the Coast Guard integrates.
Crew members from the USCGC Oliver Henry (WPC-1140) approach a fishing vessel in the Pacific Ocean in March 2023.
P Featured Article

Let the Coast Guard Keep the Fines

By Chief Boatswain’s Mate Phillip Null, U.S. Coast Guard (Retired)
October 2023
Reimagine “prize money” to benefit the service and the nation.
The TPC Group Petrochemical Plant at Port Neches, Texas, burns after an accidental explosion in November 2019. U.S. adversaries could cause similar or worse destruction to critical homeland infrastructure from offshore using widely available commercial drone and other technology, as Houthi rebels claimed to have done against the Saudi Abqaiq oil-processing facility last September.
P Featured Article

Navy Information Warfare and Homeland Defense

By Lieutenant Commander James Landreth, U.S. Navy Reserve
July 2020
The information warfare community must learn and adapt to deal with the drone threat to the homeland.

Quicklinks

Footer menu

  • About the Naval Institute
  • Books & Press
  • Naval History
  • USNI News
  • Proceedings
  • Oral Histories
  • Events
  • Naval Institute Foundation
  • Photos & Historical Prints
  • Advertise With Us
  • Naval Institute Archives

Receive the Newsletter

Sign up to get updates about new releases and event invitations.

Sign Up Now
Example NewsletterPrivacy Policy
USNI Logo White
Copyright © 2025 U.S. Naval Institute Privacy PolicyTerms of UseContact UsAdvertise With UsFAQContent LicenseMedia Inquiries
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram
×

You've read 1 out of 5 free articles of Proceedings this month.

Non-members can read five free Proceedings articles per month. Join now and never hit a limit.