290 likes | 298 Views
This exercise focuses on identifying and protecting against the risk of GPS spoofing in navigation systems. Participants will discuss detection methods, potential solutions, and decision criteria for modifying or replacing the existing system.
E N D
Exercise ground rules • There are no right or wrong answers or ideas • Maintain a no-fault, stress-free environment • Use the scenario to provide context and spark creative ideas • Do not limit discussion to positions or policies • Tap community resources and assets to aid/enhance brainstorming
Our approach • Instead of thinking about cyber attacks as events, it might be more useful to consider them as a process, or the end result of a planning and preparation process. That approach implies a need to assess and understand potential adversaries, maintain situational awareness, and consider how the operating environment and features of our own organization or system might affect an adversary’s actions and objectives • Understand the Adversary • Maintain Situational Awareness • Consider the Operating Environment
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities • Protect – Develop and implement the appropriate safeguards to ensure delivery of critical services • Round 1 – Identify & Protect • Evaluation of GPS Threat for • Our Navigation Systems
Starting information • 1. During Identify Phase and Protect Phase, you realize that your current Navigation system: • Interfaces with numerous other systems (at least 20 other systems on the ship) • Has access to the ships’: steering; propulsion; and autopilot • Is very dependent upon GPS information • 2. You determine a critical risk – spoofing your ships’ Navigation system, which could lead to ship destruction and loss of life • 3. With your knowledge of GPS spoofing, do you want to modify your existing Navigation system (harden the existing system), buy a different system, or some combination of both?
CE round 1 CONTRAINTS • Funding limited to Operational & Maintenance (O&M), and Procurement (PROC) funds in Current Year (CY) dollars with limited Management Reserve (MR) • Ship availability for installations are limited to 4-days per month per ship • Technical solution(s) shall include the use of GPS • Increases in shipboard manning must be justified
Exercise 1 • As a team, discuss and develop: • What is the main problem for ships from GPS spoofing? • How might we detect the GPS is spoofed?
Exercise 2 • As a team, discuss and develop: • How could you explain this risk to leadership? • What can we do about it?
Exercise 3 • As a team, discuss and develop: • The options of modifying your existing Navigation system (hardening the existing system), buying a different system, or some combination of both • What criteria might we use to pick between these options? (consider cost, speed to execute or acquire, and maturity of the option) • Can your need be met by a commercial item?
Exercise 4 • As a team, discuss and develop: • Use your decision criteria, as a team pick between the options of modifying your existing Navigation system (hardening the existing system), buying a different system, or some combination of both • What is your action? (which alternative did you pick) • What are the contracting strategies to support the chosen COA?
Template Issue(s) Alternatives Decision Criteria Assumption(s) Action
Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event • Round 2 – Detect • Operations against an Identified Threat to • Navigation Systems across our Fleet
Additional information • 1. During Detect Phase, you realize your current Navigation COTS: • The Maritime Community and National Intelligence Agencies have provided threat warning • 2. You are warned of an identified attacker (the Void) by the Maritime Information Sharing Community and National Intelligence agencies – your ships’ navigation system • could be spoofed with false GPS signals • 3. IMO, Maritime National Coast Guards, and all major Port Authorities are on alert for oddly behaving ships
CE round 2 CONTRAINTS • Funding limited to Operational & Maintenance (O&M), and Procurement (PROC) funds in Current Year (CY) dollars with limited Management Reserve (MR) • Ship availability for installations are limited to 4-days per month per ship • Technical solution(s) other than GPS must be justified • Increase in current shipboard manning must be justified
Exercise 1 • As a team, discuss and develop: • How can we detect the threat’s operations? • Assume the ship works with a shore Security Operations Center (SOC), what should we be asking the SOC to look for?
Exercise 2 • As a team, discuss and develop: • How could you explain this risk to leadership? • What can we do about it?
Exercise 3 • As a team, discuss and develop: • With the increased possibility of attack, does your team need to change its option? (modifying your existing Navigation system, buying a different system, or some combination of both • Does a higher chance of a threat change your decision criteria? (consider cost, speed to execute or acquire, and maturity of the option) • Assuming in Round 1 that a contract was awarded to address the requirements in Round 1, would a modification to that contract to address to need identified in Round 2 still be within scope?
Exercise 4 • As a team, discuss and develop: • Use your decision criteria, as a team pick between the options of modifying your existing Navigation system, buying a different system, or some combination of both • What is your action? (did you change your alternative) • What are the contracting strategies to support the chosen COA?
Template Issue(s) Alternatives Decision Criteria Assumption(s) Action
Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event • Round 3 – Respond & Recover • Crisis Mode
Additional information • 1. During Respond Phase and Recover Phase, your company has experienced a disastrous attack that caused a massive economic loss and loss of life • 2. You are in extreme crisis
CE round 3 CONTRAINTS • Funding limited to Operational & Maintenance (O&M), and Procurement (PROC) funds in Current Year (CY) dollars with limited Management Reserve (MR) • Ship availability for installations are limited to 4-days per month per ship • Technical solution(s) other than GPS must be justified • Increase in current shipboard manning must be justified
Exercise 1 • As a team, discuss and develop: • How can we respond and recover? • Is there an alternative mode of operation for the navigation system?
Exercise 2 • As a team, discuss and develop: • What are possible effects on shipboard personnel with alternate modes of operation? • Can you explain this problem to leadership?
Exercise 3 • As a team, discuss and develop: • With an attack incident, does your team need to change its option? (modifying your existing Navigation system, buying a different system, or some combination of both • Does an incident change your decision criteria? (consider cost, speed to execute or acquire, and maturity of the option) • Are there any emergency acquisition flexibilities available in the case of a cyber attack?
Exercise 4 • As a team, discuss and develop: • Use your decision criteria, as a team pick between the options of modifying your existing Navigation system, buying a different system, or some combination of both • What is your action? (did you change your alternative) • What are the contracting strategies to support the chosen COA?
Template Issue(s) Alternatives Decision Criteria Assumption(s) Action
DAU ALTERNATE RESPONSE • All PORs should execute threat scenarios against their plans to establish baselines • Use the CEO Cybersecurity Checklist as a guideline to ensure PORs are considering cybersecurity concerns and issues • Consider all FAR/non-FAR options to address emergent cyber requirements