Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber and Maritime Infrastructure

Similar presentations

Presentation on theme: "Cyber and Maritime Infrastructure"— Presentation transcript:

1 Cyber and Maritime Infrastructure
Threat, Risk and Response CAPT Fred Turner, USN

2 The Process Acknowledge a “cyber” threat to maritime infrastructure exists Assess the “cyber” risk to maritime infrastructure Address the “cyber” issue to secure our maritime infrastructure…but it must be a “team sport” Industry – industry partnerships Industry – law enforcement – military - government International – regional – national partnerships We are here Cyber is not really a “threat,” “risk” or the “issue”…it is the medium/domain/terrain that interconnects with the maritime domain…and is the means by which an actor may threaten maritime infrastructure

3 Threat & Vulnerability
Emerging cyber threat vs. critical infrastructure Targets…face similar delivery methods & payloads Government organizations (civilian & military) Defense industries Energy sector Communications sector Financial sector Maritime sector next? Evolving threat…web site defacement, DDoS, data destruction, ICS/SCADA/HM&E manipulation Motives…state & non-state…exploitation, theft, attack Network/communications infrastructure vulnerabilities Network vulnerabilities; information assurance, removable media, wireless access The users; insider threat and negligent users Supply chain financial sector, energy sector also tied into system of systems Network infrastructure is directly tied into the maritime infrastructure… a system of systems which can effect port operations, ships at sea, etc.

4 Assessing the Risk Cyber Risk to Maritime Infrastructure = Challenges
Threat = Capability + Intent -> Vulnerability -> Consequences Challenges Lack of common, understandable terminology Lack of understanding of our networks and how they connect to maritime infrastructure; need “maps” Deficiency in including cyber in maritime infrastructure risk assessments…must integrate into current processes How do we calculate real vs theoretical risk? Potential impact on maritime operations and cost? Lack of understanding of “red lines;” ours and “theirs” Compromised network Terminal operating system Compromised network Adversary Business network Compromised network M/V Line operations & maintenance network Cost in time and money; how much does it cost to buy down the risk to “acceptable?” Ability to carry out operations at the time and place needed Challenges in calculating; how much risk is acceptable? We are all connected and are thus only as strong as our weakest link…so to a large degree, we share each other’s risk

5 Securing Maritime Infrastructure
Utilizing cyber risk assessment to enhance maritime security Guidance; strategies, policies & plans Training; for users but also to develop cyber expertise Resource allocation; fix priority vulnerabilities in existing architectures and networks…and build security into new ones Cyber security cooperation & collaboration Information sharing (e.g., threat, vulnerabilities, incidents & response, lessons, best practices, training) Training; collaboration in curricula & sharing experts Agreements; informal/voluntary OK but formal better Organization; virtual group or regional cyber threat center Ad Hoc Individual organization actions Routine collaboration and cooperation Formal mechanisms Informal mechanisms Civil sector & government partnership Civil sector Government, security services, military Regional cyber center International efforts All stakeholders must participate…industry, law enforcement, military, government departments/ministries…at all levels…national, regional & international

6 Discussion

7 Back up

8 U.S. Government Accountability Office, Maritime Critical Infrastructure Protection, June 2014 (Washington, DC: GAO ), 43.

Download ppt "Cyber and Maritime Infrastructure"

Similar presentations

Ads by Google