Maritime Cyber Security: An Overview May 2014


www.sera-brynn.com | [email protected] | 757-243-1257

What is Maritime Cyber Security?

COMPLEXITY IN MOTION
• Systems Support Both Operations and Business Processes
• Operational Systems Similar to Industrial Control Systems/SCADA
• Often Stove-Piped, Require Integrations
• Maintaining Operations is Paramount
• Security May Be A Shared Responsibility Between Commercial and Government


THE PERFECT STORM
• Lack of Consistent Regulation
• Designated Critical Infrastructure in Many Cases
• Often Shared Security Responsibility Between Commercial and Government
• Competitive Environment
• Cyber Security Only Gets Noticed When It Goes Awry


CREDIBLE THREATS
• Under the Radar No More – Automated Attacks Don’t Discriminate
• Kinetic Impact on Critical Infrastructure
• Insider Threats and Organized Crime
• Lack of Support As Products Age
• Liability and Risk Management
• 229 Days is Average Time to Discover Advanced Attack
• Within a year of STUXNET, U.S. CERT saw a 1,900% Increase In Security Advisories for SCADA/ICS Products


What’s the Solution?

BEYOND SCARE TACTICS
A compromised network is only valuable when operational.

• Visibility Into Network Activity Is Essential
• Layered Defenses (Defense-In-Depth)
• Disaster Planning
• Risk Management


SELF ASSESSMENT
If you are responsible for cyber security:
• Do you know what, if any, compliance framework applies?
• Would an auditor conclude that you were compliant? Or negligent?
• Can you justify the operational risk if security trade-offs are made? Who in the organization has accepted the risk?


QUESTIONS?


Heather Engel, CISSP
Principal | Sera-Brynn

[email protected]


THANK YOU

Sera-Brynn
5806 Harbour View Blvd. Suite 204
Suffolk, VA
[email protected]
757-243-1257