Cybersecurity EXERCISE (CE) ATD Scenario questions


1 Cybersecurity EXERCISE (CE) ATD Scenario questions

2 Exercise ground rules
- There are no right or wrong answers or ideas
- Maintain a no-fault, stress-free environment
- Use the scenario to provide context and spark creative ideas
- Do not limit discussion to positions or policies
- Tap community resources and assets to aid/enhance brainstorming

Students should be able to understand:
- the difference between threat, risk, attack and vulnerability
- how threats materialize into attacks
- where to find information about threats, vulnerabilities and attacks
- typical threats, attacks and exploits and the motivations behind them
- at a high level, how example attacks work (e.g. DDoS, phishing and buffer overflow)
- how users are targeted in an attack and why this must be considered in defending against such attacks
- the concept of a threat landscape, its dynamic nature and how to create a landscape for an organization
- how to classify threats and example categories
- that there are different attacks, which have different patterns and different steps – for example, be able to compare a DDoS to an attack designed to copy information
- that there are different types of malware – for example viruses, Trojans and spyware – their distribution mechanism and a detailed understanding of how they compromise information and systems
- that attacks can be combined for greater effect (e.g. phishing, followed by a social engineering phone call)

3 Our approach
Instead of thinking about cyber attacks as events, it might be more useful to consider them as a process, or the end result of a planning and preparation process. That approach implies a need to assess and understand potential adversaries, maintain situational awareness, and consider how the operating environment and features of our own organization or system might affect an adversary’s actions and objectives.
- Understand the Adversary
- Maintain Situational Awareness
- Consider the Operating Environment

4 Round 1 – Identify & Protect
- Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
- Protect – Develop and implement the appropriate safeguards to ensure delivery of critical services
Evaluation of GPS Threat for Our Navigation Systems

5 Starting information
1. During Identify Phase and Protect Phase, you realize that your current Navigation system:
   - Interfaces with numerous other systems (at least 20 other systems on the ship)
   - Has access to the ship’s steering, propulsion, and autopilot
   - Is very dependent upon GPS information
2. You determine a critical risk – spoofing your ships’ Navigation system, which could lead to ship destruction and loss of life
3. With your knowledge of GPS spoofing, do you want to modify your existing Navigation system (harden the existing system), buy a different system, or some combination of both?

6 CE round 1 CONSTRAINTS
- Funding limited to Operational & Maintenance (O&M), and Procurement (PROC) funds in Current Year (CY) dollars with limited Management Reserve (MR)
- Ship availability for installations is limited to 4 days per month per ship
- Technical solution(s) shall include the use of GPS
- Increases in shipboard manning must be justified

7 Exercise 1
As a team, discuss and develop:
- What is the main problem for ships from GPS spoofing?
- How might we detect the GPS is spoofed?

8 Exercise 2
As a team, discuss and develop:
- How could you explain this risk to leadership?
- What can we do about it?

9 Exercise 3
As a team, discuss and develop:
- The options of modifying your existing Navigation system (hardening the existing system), buying a different system, or some combination of both
- What criteria might we use to pick between these options? (consider cost, speed to execute or acquire, and maturity of the option)
- Can your need be met by a commercial item?

10 Exercise 4
As a team, discuss and develop:
- Using your decision criteria, pick as a team between the options of modifying your existing Navigation system (hardening the existing system), buying a different system, or some combination of both
- What is your action? (which alternative did you pick)
- What are the contracting strategies to support the chosen COA?

11 Template
- Issue(s)
- Alternatives
- Decision Criteria
- Assumption(s)
- Action

12 Round 2 – Detect
- Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event
Operations against an Identified Threat to Navigation Systems across our Fleet

13 Additional information
1. During Detect Phase, you realize your current Navigation COTS: The Maritime Community and National Intelligence Agencies have provided threat warning
2. You are warned of an identified attacker (the Void) by the Maritime Information Sharing Community and National Intelligence agencies – your ships’ navigation system could be spoofed with false GPS signals
3. IMO, Maritime National Coast Guards, and all major Port Authorities are on alert for oddly behaving ships

14 CE round 2 CONSTRAINTS
- Funding limited to Operational & Maintenance (O&M), and Procurement (PROC) funds in Current Year (CY) dollars with limited Management Reserve (MR)
- Ship availability for installations is limited to 4 days per month per ship
- Technical solution(s) other than GPS must be justified
- Increase in current shipboard manning must be justified

15 Exercise 1
As a team, discuss and develop:
- How can we detect the threat’s operations?
- Assuming the ship works with a shore Security Operations Center (SOC), what should we be asking the SOC to look for?

16 Exercise 2
As a team, discuss and develop:
- How could you explain this risk to leadership?
- What can we do about it?

17 Exercise 3
As a team, discuss and develop:
- With the increased possibility of attack, does your team need to change its option? (modifying your existing Navigation system, buying a different system, or some combination of both)
- Does a higher chance of a threat change your decision criteria? (consider cost, speed to execute or acquire, and maturity of the option)
- Assuming a contract was awarded in Round 1 to address the Round 1 requirements, would a modification to that contract to address the need identified in Round 2 still be within scope?

18 Exercise 4
As a team, discuss and develop:
- Using your decision criteria, pick as a team between the options of modifying your existing Navigation system, buying a different system, or some combination of both
- What is your action? (did you change your alternative)
- What are the contracting strategies to support the chosen COA?

19 Template
- Issue(s)
- Alternatives
- Decision Criteria
- Assumption(s)
- Action

20 Round 3 – Respond & Recover
- Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event
- Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event
Crisis Mode

21 Additional information
1. During Respond Phase and Recover Phase, your company has experienced a disastrous attack that caused a massive economic loss and loss of life
2. You are in extreme crisis

22 CE round 3 CONSTRAINTS
- Funding limited to Operational & Maintenance (O&M), and Procurement (PROC) funds in Current Year (CY) dollars with limited Management Reserve (MR)
- Ship availability for installations is limited to 4 days per month per ship
- Technical solution(s) other than GPS must be justified
- Increase in current shipboard manning must be justified

23 Exercise 1
As a team, discuss and develop:
- How can we respond and recover?
- Is there an alternative mode of operation for the navigation system?

24 Exercise 2
As a team, discuss and develop:
- What are possible effects on shipboard personnel with alternate modes of operation?
- Can you explain this problem to leadership?

25 Exercise 3
As a team, discuss and develop:
- With an attack incident, does your team need to change its option? (modifying your existing Navigation system, buying a different system, or some combination of both)
- Does an incident change your decision criteria? (consider cost, speed to execute or acquire, and maturity of the option)
- Are there any emergency acquisition flexibilities available in the case of a cyber attack?

26 Exercise 4
As a team, discuss and develop:
- Using your decision criteria, pick as a team between the options of modifying your existing Navigation system, buying a different system, or some combination of both
- What is your action? (did you change your alternative)
- What are the contracting strategies to support the chosen COA?

27 Template
- Issue(s)
- Alternatives
- Decision Criteria
- Assumption(s)
- Action

28 DAU ALTERNATE RESPONSE
- All PORs should execute threat scenarios against their plans to establish baselines
- Use the CEO Cybersecurity Checklist as a guideline to ensure PORs are considering cybersecurity concerns and issues
- Consider all FAR/non-FAR options to address emergent cyber requirements

29 Questions

