Cyber and Maritime Infrastructure

Slides:



Advertisements
Similar presentations
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Advertisements

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
1 Protecting the Long Island Business Community A Public Safety Partnership.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.
DHS, National Cyber Security Division Overview
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
South Carolina Cyber.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
(Geneva, Switzerland, September 2014)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Navigating the Maze How to sell to the public sector Adrian Farley Chief Deputy CIO State of California
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.
Cybersecurity and the Department of Justice Vincent A. Citro, Assistant United States Attorney July 9-10, 2014 Unclassified – For Public Use.
Industrial Control Security & Access Control Facilities Management UNECE International Forum on Trade Facilitation Geneva, Switzerland May
Managing Risks, Countering Threats: Protecting Critical National Infrastructure Against Terrorism Martin Rudner Canadian Centre of Intelligence and Security.
Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security.
Adaptation knowledge needs and response under the UNFCCC process Adaptation Knowledge Day V Session 1: Knowledge Gaps Bonn, Germany 09 June 2014 Rojina.
U. S. Coast Guard Requirements Maritime Security.
The NIGF CONFERENCE © 2013 ADDRESSING THE VULNERABILITY OF CRITICAL ICT INFRASTRUCTURE by Ernest Ndukwe, OFR Chairman Openmedia Communications Ltd 18 th.
NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.
2 ictQATAR “ Information and Communication Technology (ICT) improves how we live and work in countless ways.”  The Ministry of Information Communication.
0 Peter F. Verga U.S. Department of Defense 2 Definitions Homeland Security – A concerted national effort to prevent terrorist attacks within the United.
Securing Critical Chemical Assets: The Responsible Care ® Security Code Protection of Hazardous Installations from Intentional Adversary Acts European.
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.
Information Security: It’s Everyone’s Business September 16, 2003 Greg Garcia, Vice President, Information Security ITAA.
1 State Homeland Security: Priorities and Funding R. Chris McIlroy Homeland Security and Technology Division National Governors Association.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.
Governor’s Office of Homeland Security & Emergency Preparedness LOUISIANA BANKERS ASSOCIATION 2010 Louisiana Emergency Preparedness Coalition Meetings.
Enterprise Cybersecurity Strategy
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.
1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.
Preparedness Project Lessons NC AWWA / WEA 2015 Annual Conference Jack Moyer.
UNCLASSIFIED 1 National Security in Cyberspace: It Takes a Nation Sandra Stanar-Johnson NSA/CSS Representative to the Department of Homeland Security February.
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.
TLP:Green FIRST/TF-CSIRT Technical Colloquium January 25 th – 27 th, 2016 Prague, CZ TLP:Green.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
1 Iowa Emergency Management Association Iowa Homeland Security and Emergency Management Department Emergency Management Program Development Course EMERGENCY.
Colonel Chaipun Nilvises Deputy Director, Office of ASEAN Affairs Office of Policy and Planning Ministry of Defence of Thailand.
April 19 th, 2016 Governors Homeland Security and All-Hazards Cyber Security Sub-Committee.
Cybersecurity - What’s Next? June 2017
Crisis management related research at
and Security Management: ISO 28000
Information Technology Sector
Cyber Resilient Energy Delivery Consortium
California Cybersecurity Integration Center (Cal-CSIC)
Critical Infrastructure Protection Policy Priorities
United States Coast Guard
NRC Cyber Security Regulatory Overview
Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 21 March 2018.
Csilla Farkas Cybersecurity Csilla Farkas
NERC Cyber Security Standard
Emergency Management and Utilities
Securing Critical Chemical Assets: The Responsible Care® Security Code
Best Practices in Cyber Security Maggy Powell Senior Manager Real-Time Systems Security Exelon 26 September 2018.
Cybersecurity Threat Assessment
National Information Assurance (NIA) Policy
Cyber Security in a Risk Management Framework
Presentation transcript:

Cyber and Maritime Infrastructure Threat, Risk and Response CAPT Fred Turner, USN

The Process Acknowledge a “cyber” threat to maritime infrastructure exists Assess the “cyber” risk to maritime infrastructure Address the “cyber” issue to secure our maritime infrastructure…but it must be a “team sport” Industry – industry partnerships Industry – law enforcement – military - government International – regional – national partnerships We are here Cyber is not really a “threat,” “risk” or the “issue”…it is the medium/domain/terrain that interconnects with the maritime domain…and is the means by which an actor may threaten maritime infrastructure

Threat & Vulnerability Emerging cyber threat vs. critical infrastructure Targets…face similar delivery methods & payloads Government organizations (civilian & military) Defense industries Energy sector Communications sector Financial sector Maritime sector next? Evolving threat…web site defacement, DDoS, data destruction, ICS/SCADA/HM&E manipulation Motives…state & non-state…exploitation, theft, attack Network/communications infrastructure vulnerabilities Network vulnerabilities; information assurance, removable media, wireless access The users; insider threat and negligent users Supply chain financial sector, energy sector also tied into system of systems Network infrastructure is directly tied into the maritime infrastructure… a system of systems which can effect port operations, ships at sea, etc.

Assessing the Risk Cyber Risk to Maritime Infrastructure = Challenges Threat = Capability + Intent -> Vulnerability -> Consequences Challenges Lack of common, understandable terminology Lack of understanding of our networks and how they connect to maritime infrastructure; need “maps” Deficiency in including cyber in maritime infrastructure risk assessments…must integrate into current processes How do we calculate real vs theoretical risk? Potential impact on maritime operations and cost? Lack of understanding of “red lines;” ours and “theirs” Compromised network Terminal operating system Compromised network Adversary Business network Compromised network M/V Line operations & maintenance network Cost in time and money; how much does it cost to buy down the risk to “acceptable?” Ability to carry out operations at the time and place needed Challenges in calculating; how much risk is acceptable? We are all connected and are thus only as strong as our weakest link…so to a large degree, we share each other’s risk

Securing Maritime Infrastructure Utilizing cyber risk assessment to enhance maritime security Guidance; strategies, policies & plans Training; for users but also to develop cyber expertise Resource allocation; fix priority vulnerabilities in existing architectures and networks…and build security into new ones Cyber security cooperation & collaboration Information sharing (e.g., threat, vulnerabilities, incidents & response, lessons, best practices, training) Training; collaboration in curricula & sharing experts Agreements; informal/voluntary OK but formal better Organization; virtual group or regional cyber threat center Ad Hoc Individual organization actions Routine collaboration and cooperation Formal mechanisms Informal mechanisms Civil sector & government partnership Civil sector Government, security services, military Regional cyber center International efforts All stakeholders must participate…industry, law enforcement, military, government departments/ministries…at all levels…national, regional & international

Discussion

Back up

U.S. Government Accountability Office, Maritime Critical Infrastructure Protection, June 2014 (Washington, DC: GAO-14-459), 43.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.