In a high-pressure simulation at Pacific Northwest National Laboratory (PNNL) in Richland, Washington, the U.S. Coast Guard’s 2013 Cyber Protection Team (CPT) confronted a realistic scenario involving a cyberattack on a U.S. port. The exercise began with three massive ship-to-shore cranes grinding to a halt an apparent technical failure that quickly revealed itself as a malicious cyber intrusion.
This fictional, yet highly detailed, cyberattack scenario was part of a live training exercise designed to reflect the growing threats facing the Marine Transportation System (MTS). As ports increasingly rely on digital infrastructure, the Coast Guard has ramped up training to address the risks posed by sophisticated adversaries capable of disrupting vital logistics operations.
The simulation took place on a maritime platform at PNNL, part of the Control Environment Laboratory Resource (CELR), a facility operated by the Cybersecurity and Infrastructure Security Agency (CISA) and PNNL. The platform replicates the Operational Technology (OT) and Industrial Control Systems (ICS) used in real-life ports, including Chinese-manufactured cranes, equipment now under scrutiny for cybersecurity vulnerabilities. Over the last two years, the CPTs have focused on identifying cyber threats specific to such systems.
Realistic Training in a Controlled Environment
The exercise engaged the Coast Guard team in a “live-fire” scenario orchestrated by PNNL’s Red Team cybersecurity experts playing the role of adversaries. The Red Team executed a complex, multi-stage cyberattack, infiltrating the terminal’s digital networks, maintaining unauthorized access, and disrupting port operations.
Throughout the simulation, CPT members had to detect the breach, trace the method of attack, and implement a response plan in real time. Their mission included identifying vulnerabilities in the Terminal Operating System and advising fictional port authority personnel on how to mitigate and contain the threat. The scenario placed participants under operational stress to mirror the urgency of an actual incident.
“This realism is what makes the platform so valuable,” explained Donny Mendoza, Deputy Program Manager for CISA projects at PNNL. He noted that the platform’s design was informed by visits to active seaport facilities, ensuring an authentic replica of actual maritime infrastructure.
CISA ICS Section Chief Alex Reniers added, “Our goal was to replicate not just the infrastructure, but also the stress and operational impact of a real-world incident.” The environment allowed the team to practice effective responses without risk, sharpening their ability to prevent and mitigate cyber disruptions in real life.
Strengthening Maritime Cybersecurity Defenses
The Coast Guard’s 2013 CPT emerged from the simulation with enhanced cyber defense capabilities and a deeper understanding of threat dynamics in maritime environments. For the U.S. Coast Guard tasked with safeguarding the nation’s ports and critical infrastructure, realistic, hands-on training is increasingly vital as cyber threats evolve.
Chief David Kinnamont, crew lead for the participating team, highlighted the exercise’s effectiveness: “The maritime platform delivered exactly what we needed. It was a realistic scenario that improved team performance and sharpened our cyber response skills.”
As maritime cybersecurity becomes a national priority, the Coast Guard continues to expand its capabilities, using cutting-edge tools like the PNNL training platform to ensure it remains vigilant and prepared for emerging cyber threats at U.S. ports.
