Maritime Cyber Security: An Overview May 2014
What is Maritime Cyber Security? www.sera-brynn.com | info@sera-brynn.com | 757-243-1257
COMPLEXITY IN MOTION
• Systems Support Both Operations and Business Processes
• Operational Systems Similar to Industrial Control Systems/SCADA
• Often Stove-Piped, Require Integrations
• Maintaining Operations is Paramount
• Security May Be A Shared Responsibility Between Commercial and Government
THE PERFECT STORM
• Lack of Consistent Regulation
• Designated Critical Infrastructure in Many Cases
• Often Shared Security Responsibility Between Commercial and Government
• Competitive Environment
• Cyber Security Only Gets Noticed When It Goes Awry
CREDIBLE THREATS
• Under the Radar No More – Automated Attacks Don’t Discriminate
• Kinetic Impact on Critical Infrastructure
• Insider Threats and Organized Crime
• Lack of Support As Products Age
• Liability and Risk Management
• 229 Days is Average Time to Discover Advanced Attack
• Within a year of STUXNET, U.S. CERT saw a 1,900% Increase In Security Advisories for SCADA/ICS Products
What’s the Solution?
BEYOND SCARE TACTICS
• A compromised network is only valuable when operational.
• Visibility Into Network Activity Is Essential
• Layered Defenses (Defense-In-Depth)
• Disaster Planning
• Risk Management
SELF ASSESSMENT
• If you are responsible for cyber security:
• Do you know what, if any, compliance framework applies?
• Would an auditor conclude that you were compliant? Or negligent?
• Can you justify the operational risk if security trade-offs are made? Who in the organization has accepted the risk?
QUESTIONS?
THANK YOU
Sera-Brynn
5806 Harbour View Blvd. Suite 204
Suffolk, VA 23435
info@sera-brynn.com
757-243-1257
Heather Engel, CISSP
Principal | Sera-Brynn
Heather.engel@sera-brynn.com
757-358-1164