Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber and Maritime Infrastructure

Published byMadeline Howard Modified over 9 years ago

Similar presentations

Presentation on theme: "Cyber and Maritime Infrastructure"— Presentation transcript:

1 Cyber and Maritime Infrastructure
Threat, Risk and Response CAPT Fred Turner, USN

2 The Process Acknowledge a “cyber” threat to maritime infrastructure exists Assess the “cyber” risk to maritime infrastructure Address the “cyber” issue to secure our maritime infrastructure…but it must be a “team sport” Industry – industry partnerships Industry – law enforcement – military - government International – regional – national partnerships We are here Cyber is not really a “threat,” “risk” or the “issue”…it is the medium/domain/terrain that interconnects with the maritime domain…and is the means by which an actor may threaten maritime infrastructure

3 Threat & Vulnerability
Emerging cyber threat vs. critical infrastructure Targets…face similar delivery methods & payloads Government organizations (civilian & military) Defense industries Energy sector Communications sector Financial sector Maritime sector next? Evolving threat…web site defacement, DDoS, data destruction, ICS/SCADA/HM&E manipulation Motives…state & non-state…exploitation, theft, attack Network/communications infrastructure vulnerabilities Network vulnerabilities; information assurance, removable media, wireless access The users; insider threat and negligent users Supply chain financial sector, energy sector also tied into system of systems Network infrastructure is directly tied into the maritime infrastructure… a system of systems which can effect port operations, ships at sea, etc.

4 Assessing the Risk Cyber Risk to Maritime Infrastructure = Challenges
Threat = Capability + Intent -> Vulnerability -> Consequences Challenges Lack of common, understandable terminology Lack of understanding of our networks and how they connect to maritime infrastructure; need “maps” Deficiency in including cyber in maritime infrastructure risk assessments…must integrate into current processes How do we calculate real vs theoretical risk? Potential impact on maritime operations and cost? Lack of understanding of “red lines;” ours and “theirs” Compromised network Terminal operating system Compromised network Adversary Business network Compromised network M/V Line operations & maintenance network Cost in time and money; how much does it cost to buy down the risk to “acceptable?” Ability to carry out operations at the time and place needed Challenges in calculating; how much risk is acceptable? We are all connected and are thus only as strong as our weakest link…so to a large degree, we share each other’s risk

5 Securing Maritime Infrastructure
Utilizing cyber risk assessment to enhance maritime security Guidance; strategies, policies & plans Training; for users but also to develop cyber expertise Resource allocation; fix priority vulnerabilities in existing architectures and networks…and build security into new ones Cyber security cooperation & collaboration Information sharing (e.g., threat, vulnerabilities, incidents & response, lessons, best practices, training) Training; collaboration in curricula & sharing experts Agreements; informal/voluntary OK but formal better Organization; virtual group or regional cyber threat center Ad Hoc Individual organization actions Routine collaboration and cooperation Formal mechanisms Informal mechanisms Civil sector & government partnership Civil sector Government, security services, military Regional cyber center International efforts All stakeholders must participate…industry, law enforcement, military, government departments/ministries…at all levels…national, regional & international

6 Discussion

7 Back up

8 U.S. Government Accountability Office, Maritime Critical Infrastructure Protection, June 2014 (Washington, DC: GAO ), 43.

Download ppt "Cyber and Maritime Infrastructure"

Similar presentations

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
1 Protecting the Long Island Business Community A Public Safety Partnership.

1 Protecting the Long Island Business Community A Public Safety Partnership.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.

Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
South Carolina Cyber.

South Carolina Cyber.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Navigating the Maze How to sell to the public sector Adrian Farley Chief Deputy CIO State of California

Navigating the Maze How to sell to the public sector Adrian Farley Chief Deputy CIO State of California
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.

The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.

Similar presentations

Ads by Google