Maritime Cyber Vulnerabilities in the Energy Sector
Center for Joint Operations of the Sea
ODU Maritime Institute
Students: Crow, Fresco, Lee


Situation
– In 2013, 40% of cyber attacks were directed at energy infrastructure.
– Challenges to energy industry cyber security can be broken down into 2 major categories:
  – Protecting the equipment that generates energy
  – Preventing attackers from accessing the system database

IT Systems
– Shipboard computers are Linux based, and the computers collect all the data into a storage center.
  – Inside database network server
  – Outside database network server via internet

Data System
– Supervisory Control and Data Acquisition (SCADA) systems control the assets of an industrial system.
– When SCADA was first introduced, the problems for future security were not understood.

Cyber Attack Types
– SQL injection – exploiting improper coding in a website to gain access to the database
– Remote and Local File Inclusion – stealing data through manipulation of a company’s web server
– XSS – using the victim’s browser to hijack information
– Directory Traversal – exploiting insufficient security validation on the server to access its content
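The slide traces SQL injection to improper coding and directory traversal to insufficient validation on the server. The Python sketch below is an added example, not part of the original presentation: it sets a string-built query beside its parameterized form and shows a server-side path check. The `readings` table, the sensor names and the `/srv/reports` directory are constructed for illustration.

```python
import sqlite3
from pathlib import Path

def make_db():
    """Constructed in-memory table standing in for a shipboard data store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings (sensor TEXT, value REAL)")
    db.executemany("INSERT INTO readings VALUES (?, ?)",
                   [("tank1_pressure", 1.2), ("tank2_pressure", 1.4)])
    return db

def lookup_unsafe(db, sensor):
    # "Improper coding": user input is pasted into the SQL text,
    # so quote characters in it change the statement itself.
    sql = "SELECT sensor, value FROM readings WHERE sensor = '" + sensor + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, sensor):
    # Parameterized query: the driver passes the input as a value only.
    return db.execute(
        "SELECT sensor, value FROM readings WHERE sensor = ?", (sensor,)
    ).fetchall()

def resolve_under(root, requested):
    """Server-side validation for file requests: resolve the path and
    refuse anything that ends up outside the served directory."""
    base = Path(root).resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"outside served directory: {requested}")
    return target

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"                 # constructed sample input
    print(len(lookup_unsafe(db, hostile)))   # every row comes back
    print(len(lookup_safe(db, hostile)))     # no sensor has that name
    print(resolve_under("/srv/reports", "2014/q1.csv"))
    try:
        resolve_under("/srv/reports", "../../etc/passwd")
    except PermissionError as exc:
        print("rejected:", exc)
```

The same two habits, binding input as parameters and canonicalizing paths before use, also narrow the file inclusion class on the slide, since included file names pass through the same path check.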

Liquefied Natural Gas
– 2nd highest energy source
– Clear, odorless natural gas
– Volume changes to 1/600 when liquefied
– Higher-pressure tanks require periodic inspection

LNG Process
– Exploration and transportation of natural gas are complex

LNG Vulnerability
– Collision
– Release of gas to atmosphere (Computer Error)
– Explosion
– Fire

Regulatory Guidance
– Office of Energy Infrastructure Security – increase the response time and efficiency for potential threats
– Draft an executive order to create a cybersecurity council (DHS)
– An Information Security Risk Management program is created through a voluntary movement
– The Critical Information Infrastructure Protection was introduced to protect energy sectors from cyber attacks.