1 ENC Encryption/ISO 19379 Julia Powell Office of Coast Survey Marine Chart Division.

Slides:



Advertisements
Similar presentations
Quality Assurance Program - The Law - 33 USC § 892b. Quality assurance program (a) Definition. For purposes of this section, the term "hydrographic product"
Advertisements

Development and Impact of Inland ENCs/ECDIS on Hydrographic Offices Denise LaDue, USACE.
PPUs and Electronic Charts, Southampton 12 May 2011 bathymetric ENCs (S-57 based bathy layers) Friedhelm Moggert-Kägeler, SevenCs GmbH.
OPEN ACCESS PUBLICATION ISSUES FOR NSF OPP Advisory Committee May 30, /24/111 |
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Electronic Chart Per R. Bodin.
Electronic Commerce Yong Choi School of Business CSU, Bakersfield.
1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.
FERPA 2008 New regulations enact updates from over a decade of interpretations.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Creating a GIS from NOAA Electronic Navigational Charts
Payment Card Industry (PCI) Data Security Standard
Agenda Review homework Final Exam requirments ISO 9000 Baldridge
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Regulations & Requirements
By Mrs. Smith DATA INTEGRITY AND SECURITY. Accurate Complete Valid Data Integrity.
Quality Assurance Program - The Law - 33 USC § 892b. Quality assurance program (a) Definition. For purposes of this section, the term "hydrographic product"
Electronic Customer Portal System. Reducing Risks – Increasing Efficiency – Lowering Costs Secure Internet based Communication Gateway direct to your.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Session 16: Distribution of Geospatial Data 1 Distribution of Geospatial Data in the Public Environment Hazard Mapping and Modeling.
Computers Are Your Future Tenth Edition Chapter 12: Databases & Information Systems Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall1.
HIPAA PRIVACY AND SECURITY AWARENESS.
Electronic Navigational Charts (ENCs) Captain Jim Gardner Chief, Marine Chart Division Office of Coast Survey National Ocean Service.
Lec#3 Project Quality Management Ghazala Amin. 2 Quality Specialist-Job responsibility Responsibilities Reports monitoring and measurement of processes.
Nautical Chart Products – NOAA Hydro Training 2009 Nautical Chart Products.
Inland ECDIS standard 2.3 UNECE June 16, Content ienc.openecdis.org2www.ris.eu Inland ECDIS expert group and Inland ENC Harmonization Group (IEHG)
Data management in the field Ari Haukijärvi 2nd EHES training seminar.
9/21/2015 UNCLASSIFIED 1 Supports: –Marine navigation –Mission planning –Geographic Information Systems Digital Nautical Chart (DNC) Relational database.
C-MAP Norway AS One Stop Shop for Nautical Information FARGIS Seminar Oslo 16/17 March,2004.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
IT Infrastructure for Business
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
Cryptography, Authentication and Digital Signatures
 What is intranet What is intranet  FeaturesFeatures  ArchitectureArchitecture  MeritsMerits  applicationsapplications  What is ExtranetWhat is.
Aids Verifier Overview. Definition of an Aid to Navigation Any device, external to a vessel, intended to assist navigators to determine their position,
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Types of Electronic Infection
Version Advanced User Training. Instructions This training module contains additional key concepts that are an extension to the concepts in the.
The Legalities of Technicalities By Kellie Birdwell.
ACM 511 Introduction to Computer Networks. Computer Networks.
1 1 Aeronautical Information Services Brief to AIXM User Group 27 February 2007.
Educational Computing David Goldschmidt, Ph.D. Computer Science The College of Saint Rose CIS 204 Spring 2009.
© 2003 The MITRE Corporation. All rights reserved For Internal MITRE Use Addressing ISO-RTO e-MARC Concerns: Clarifications and Ramifications Response.
International Hydrographic Organization MSDI OPEN FORUM IHO MSDIWG Vision and Deliverables to the IHO London, Tuesday 3rd March 2015 Jens Peter Hartmann.
DIGITAL SIGNATURE.
©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir.
Creating & Building the Web Site Week 8. Objectives Planning web site development Initiation of the project Analysis for web site development Designing.
Nordic Institute of Navigation E-Navigation Conference IHO and e-Nav Robert WARD Director, International Hydrographic Organization.
CABLING SYSTEM WARRANTY REGISTRATION. PURPOSE OF CABLING REGISTRATION.
The world leader in serving science OMNIC DS & Thermo Security Administration 21 CFR Part 11 Tools for FT-IR and Raman Spectroscopy.
Digital Rights Management for Mobiles Jani Suomalainen Research Seminar on Telecommunications Business II Telecommunications Software and Multimedia Laboratory.
ACTION ITEM ACTION ITEM INLAND ENC MACHC 2015.
ICT Legislation  Copyright, Designs and Patents Act (1988);  Computer Misuse Act (1990);  Health and Safety at Work Act (1974);  EU Health and Safety.
Data Protection Act and Other Laws
ISO 9000.
Office of Coast Survey The Nation’s Nautical Chartmaker
NOAA’s Nautical Charting Products and Services
10th MEETING OF THE IHO INTER-REGIONAL COORDINATION COMMITTEE
Arctic Regional Hydrographic Commission 8th Conference
Quality Assurance Program - The Law -
DQWG14-10J Data integrity, marine boundaries from a MSDI perspective Submitted by the MSDIWG Chair Monaco, 6 February 2019.
Worldwide ENC Database Working Group (WENDWG) SWPHC16 Update
Hydrographic Services and Standards Committee
From Pen and Ink Charts to ENC-First: Deriving Raster Products
Sunset of NOAA Raster Chart Production
Roadmap for the S-100 Implementation Decade
Presentation transcript:

1 ENC Encryption/ISO Julia Powell Office of Coast Survey Marine Chart Division

2 Issue Do NOAA ENCs and RNCs need to be encrypted Are mariners at risk because NOAA ENCs and RNCs are distributed for free over the internet without encryption

3 IHO S-63 Data Protection Standard Purposes: Piracy Protection –To prevent unauthorized copying of data Selective Access –Restrict access to ENC information to only those charts for which a customer has acquired chart permits Authentication –Use of digital signatures to provide assurance that the ENC data came from an approved source

4 S-63 Pertaining to NOAA Piracy Protection –Does not apply NOAA does not copyright data Selective Access –Does not apply NOAA distributes ENCs for free via the Internet Authentication –Mariners can download their own –Mariners can purchase from a “Trusted Supplier”, CED/CEVAD can use encryption as part of their service

5 Four Potential Scenarios NOAA ENCs could be corrupted: During Production During Internet Download At the ENC distributor’s site At the End User

6 During Production Would require internal tampering, e.g. disgruntled employee Multiple layers of review as part of the quality control process Encryption would not prevent corruption during the production process No known instance of such sabotage by Coast Survey employees

7 During Internet Download CRC-32 check described by IHO S-57 –Checks that data has been transmitted correctly –Values stored separately from the data Would have to defeat server security and have knowledge to alter CRC values –Unlikely that corrupted data could be downloaded from NOAA

8 At the ENC Distributors Site Final Rule for CED/CEVAD distributorship license –Allows for Encryption –Follows the European RENC model European Hydrographic offices supply the Regional ENC coordinating centers with unencrypted data RENC encrypts prior to distribution –Becomes a trusted partner Neither NOAA nor the RENCs inspect or quality control such redistributed data

9 At the End User Site ECDIS performance standard allows for the updating of the base system ENC Encryption will not prevent the end user from keying incorrect data into the system

10 Conclusion Encryption would minimize the user base Designed mainly to protect copyright and control access, not the data CED/CEVAD allows for encryption if mariner’s prefer NOAA’s distribution policy is at least as secure as the RENC’s

11 ISO Some private companies argue that privately made charts should be accepted for meeting federal chart carriage regulations They believe if they meet the ISO standard their data would be “guaranteed,” thus suitable for meeting federal regulations NOAA does not support, believing that regulated carriage should require official data

12 What is ISO International Organization for Standardization Developed by industry with government participation and support Standard for “ECS databases – Content, quality, updating and testing.”

13 What is ISO The purpose “is to clearly define the minimum acceptable requirements for electronic chart data…” Not intended to meet IMO requirements for ECDIS and is not “intended to satisfy the SOLAS V requirement to carry a navigational chart.”

14 Using ISO to Certify Private Data Three technical reasons for not certifying data compliant to ISO for official carriage regulations –Data Quality –Attribution and Display Issues –Frequency of Updating

15 Data Quality NOAA ENC is maintained from highly accurate original source Original Source is not available to private chart makers ECS databases use precompiled paper or electronic charts Use of official nautical charts as source is not required NOAA has highly trained cartographers to deal with source interpretation

16 Attribution and Display ISO is not tied to an encoding or display standard such as S-57 and S-52 Without such ties, nobody can guarantee that the mariner will be served effectively –No guarantee of consistent display or content across systems and software –No guarantee of consistent encoding of the database for charting features

17 Frequency of Updating USCG publishes LNM’s weekly ISO mandates only “at least one per month” ISO will not meet the weekly update interval required by the Coast Guard By following this standard the mariner is not guaranteed to be getting the latest critical information Would not comply with Federal Regulations

18 NOAA’s Alternative: CED/CEVADs Mechanism for private companies to become Certified ENC Distributors Intent is to allow for the redistribution of official NOAA ENC’s while retaining official status CED/CEVAD data is suitable for chart carriage Private companies would not have to be ISO certified

19 Conclusion Privately made electronic charts meeting ISO should not be accepted for meeting federal carriage regulations –Not linked to a recognized display or encoding standard –Monthly updates –Not using original source, such as NOAA surveys, USACE channel surveys, etc…

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.