SlideShare a Scribd company logo

INTRODUCTION TO MARITIME CYBERSECURITY

A
Andrew Bichlmeier
1 of 7
Download to read offline
Introduction to Maritime Cybersecurity A course and minor program proposal to the CSU Maritime Academy Dr. Donna Nincic 1/c Andrew Bichlmeier 1/c Blaine Meserve-Nibley 1/c Luis Robles
Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 2 | P a g e Introduction to Maritime Cyber Security Course Description Cybersecurity in the maritime domain is an emerging field of vulnerability on a global scale. The maritime industry, governing entities, and stakeholders must become aware of the increasing threats to information systems. Cyberspace is infinite, and attacks can be made from any point in the world. Attacks are capable of disrupting “just in time” transportation delivery systems and carry significant implications for economic and national security. Introduction to Maritime Cybersecurity will educate students on the current types of threats, the actors who may seek to cause harm in the maritime domain, and the governing authorities responsible for preventing such attacks. Additionally, the course will explore current U.S. policy, domestic and international laws, and response to cybersecurity incidents. Recommended Textbook Singer, P.W., Friedman, A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know. 1st Edition. New York: Oxford University Press. Introduction to Maritime Cybersecurity – Proposed Course Syllabus SECTION I: INTRODUCTION TO MARITIME CYBERSECURITY Topic/Reading Description Week 1 Cyber – The Problem Reading: Begin Course Textbook The introductory week will begin to engage the class into the concept of cyberspace. What is cyberspace? Why is it an emerging issue? What is different about cyber from other security threats? These questions will get the class focused on what they will be learning throughout the rest of the semester in Intro to Maritime Cyber Security. Week 1 will also establish basic definitions and cyber terms to ensure technical “language” is uniform. Week 2 The Classified Problem/Types of Threats Reading: RAND: Cyber- security threat characterization This week will introduce the problem of academia in regards to studying information that may be deemed classified or sensitive in nature. Specifically, how can conclusions or recommendations are made while addressing classified material that is non-accessible. The second part of the week will begin the types of threats that affect the maritime cyber domain and their targeted information systems.
Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 3 | P a g e Week 3 Types of Threats (continued) Reading: RAND: Cyber- security threat characterization The types of threats in the maritime cyber domain must be understood in order to have a full grasp of the dangers to information systems. Different threats have various outcomes with some seeking to steal or destroy data while others seek to shut down systems or control networks. The types of threats to be covered specifically are: Denial of Service, Phishing, Trojan Horse, Virus, Worms, Exploits, and Data Coercion (changing, corrupting, and deleting). Week 4 Case Studies Reading: Specific case studies Case studies are important in order to understand how cyber-attacks affect organizations or individuals. A case study clearly demonstrates how the type of attack has its own objective and will help the student understand why attacks occur. This week will also address who is being attacked in the cyber domain and why the targets may be of high or low interest for hackers. Some recommended case studies are: Office of Personnel Management, Ashley Maddison, and the Target credit card scam. Each case study demonstrates different motives and were caused by actors with separate interests. These case studies should begin to help tie in different aspects of cyber together throughout the semester. Week 5 The Threat Matrix Reading: Finish Course Textbook The Probability/Impact Matrix is vital to understanding and prioritizing defense mechanisms for certain threats. The prioritization is based on which threats are deemed high probability and high impact should the threat occur. This allows for agencies responsible for security to determine steps required to efficiently protect the assets in their domain. After the initial concept of the Threat Matrix is taught, students will apply it to the various threats they learned in the case studies and threats from weeks 3 and 4. SECTION II: ACTORS IN THE CYBER DOMAIN Topic/Reading Description Week 6 United States of America The United States is extremely vulnerable to cyber-attacks.
Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 4 | P a g e Reading: White House Foreign Policy on Cyber, Comprehensive National Cybersecurity Initiative In response, the United States government has created policy that strives to stay ahead of the curve. This section will examine the adequacy of existing legal authorities, statutory or constitutional, for responding to cyber threats. Also, we will examine the appropriate roles for the executive and legislative branches in addressing cybersecurity. When there is a solid understanding of the U.S. cyber policy, we will delve into the existing cybersecurity threats. Week 7 China Reading: China and International Law, Exposing One of China’s Cyber Espionage Units China is an emerging world superpower and poses a threat to U.S. hegemony. This week will focus on Chinese cyber policy and their interactions with the United States. While both China and the U.S. are focused on working internationally to promote an open, interoperable, secure, and reliable cyberspace, there are striking differences between their two viewpoints. Key themes include China’s defensive acts, Code of Conduct, and transition from a developing nation. Week 8 Individuals Reading: Pirates Exploiting Cybersecurity Weaknesses in Maritime Industry Hacking for a Cause Cybersecurity Threats Impacting the Nation Within the cybersecurity world, there are actors with non- political goals. These actors are motivated by gaining tangibles such as money, information, and blackmail. Insiders, spammers, spyware/malware authors, hacktivists, criminals (seeking monetary gain) represent some of these individual non-state actors. This week will focus on a variety of non-political actors, their unique motivation, what information they after and what they plan to do with the information. Week 9 Terrorists A terrorist seeks to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence. This week will examine terrorist’s motivation, cyber capabilities, where they could attack and how they will acquire the information. Key legislation for this week will include the Maritime Transportation Security Act and ISPS at ports and terminals. Week 10 The Threat Matrix (Actors) The Threat Matrix applied to actors should be re-examined now that there is a basic understanding of who are the main
Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 5 | P a g e Reading: Cyber-security threat characterization, Cyber Tops Intel Community’s 2013 Global Threat Assessment actors in cybersecurity. We will look at the possibility of threats from these different actors. Key themes will include prioritization, characterization, and the role of domestic law enforcement agencies to take action. This will allow for a smooth transition into the third phase of the class, protecting against cyber. SECTION III: PROTECTING AGAINST CYBER ATTACKS Topic/Reading Description Week 11 Targets & Vulnerabilities Reading: Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities GAO: Report on Cyber Terrorism in the Maritime Environment It is important to Understand the areas where maritime facilities are most vulnerable, while understanding and proposing solutions for maritime facilities. This week focuses on understanding the areas for improvements for both private and governmental facilities. Take into considerations government, business, and public infrastructure while looking at the weak links with the chain of cybersecurity and understanding the need for a shifting of security focus. The focus will be on vulnerabilities within local, state, and federal government and comparing those vulnerabilities to business in maritime and port facilities. Additionally, students will evaluate supply chain vulnerabilities at port facilities, shipping companies, and vessels. Week 12 U.S. Government Strategy Reading: USCG Cyber Strategy DoD Cyber Strategy The objective for this week is to understand the resources used by the government to defend against and combat maritime cyber threats in the 21st century. It is important to understand the crucial methods and tactics that the Navy and USCG use to combat maritime cyber security. This week will focus on both the DoD and USCG cyber strategies and review GAO and RAND reports on the US handing of cybersecurity. Week 13 Cyber Law Reading: China and International Law in The goal for this week is to understand the laws in which military and governmental agencies operate within. In addition, the class will compare the difference between domestic laws and international laws in cybersecurity. It is
Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 6 | P a g e Cyberspace also important to understand civil rights of American citizens within that domestic law. Some of the suggested laws for examination are: Cybersecurity Information Sharing Act, Protecting Cyber Networks Act, and the National Cybersecurity Protection Advancement Act. Week 14 Cyber Crime/Terrorism Reading: Case Studies The objective of this week is to compare and contrast cyber-crime and cyber-terrorism while looking at what domestic and international agencies are doing to track down and stop criminals/terrorist from committing further acts of violence. This will include examining previous case studies in which cyber criminals were caught and how they were prosecuted. This will look at federal agencies including the FBI, NSA, CIA, DIA, and INTERPOL. Week 15 The Future of Cyber Reading: Cybersecurity Issues and Challenges The final week will wrap all the content from the previous weeks and take a brief look at what the future holds for the maritime cybersecurity domain. The class will also predict future threats, while using all the pervious case studies, to compile a list of feasible threats. Lastly, the course will touch on the future of cyber warfare and its implications, as well as the ethics of cyber-attacks . Proposed Minor Courses Introduction to Maritime Cybersecurity Cybersecurity in the maritime domain is an emerging field of vulnerability on a global scale. The maritime industry, governing entities, and stakeholders must become aware of the increasing threats to information systems. Cyberspace is infinite, and attacks can be made from any point in the world. Attacks are capable of disrupting “just in time” transportation delivery systems and carry significant implications for economic and national security. Introduction to Maritime Cybersecurity will educate students on the current types of threats, the actors who may seek to cause harm in the maritime domain, and the governing authorities responsible for preventing such attacks. Additionally, the course will explore current U.S. policy, domestic and international laws, and response to cybersecurity incidents. Introduction to Information Systems In order to have a level understanding of the cyber domain, students must have a base-level of comprehension in information systems. The course would introduce students to the basics of information systems and relate them to cybersecurity considerations. Included would be networks, databases, and other information systems related to the current cyber domain. In
Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 7 | P a g e addition, the course could introduce laws that govern information systems and standardize basic vocabulary and system management at a base-level of comprehension for a student seeking the minor in maritime cybersecurity. Ports and Terminals Management A course already offered at CSU Maritime Academy, Ports and Terminals Management would be valuable for students to understand how goods and resources are moved throughout the world. This understanding is crucial since much of the global supply of goods is based on a “just-in- time” delivery system which is largely run on information systems that are exposed to the cyber domain. A student must comprehend the basics of ports and terminal management to be able to apply maritime cybersecurity into the maritime domain and industry. Who are the stakeholders at a port? How is a port run? Which laws govern ports? Each question are addressed in the course and would supplement the minor with background understanding on the maritime domain and its business management at ports and terminals. Cybersecurity Policy Cybersecurity has emerged as one of the most significant domestic and international security and economic risks today. In order to combat various cyber threats, state, federal, and international policy has been created. This course will explore policy issued by the various levels of government and its role in maritime cybersecurity. Key themes to be addressed include laws, regulations, civil liberties, law enforcement and national security. Strong emphasis will be placed on the Maritime Transportation Security Act, Cybersecurity Information Sharing Act of 2015, Protecting Cyber Networks Act, National Cybersecurity Protection Advancement Act of 2015 and the future of cybersecurity in the maritime domain. Maritime Cybersecurity Organizations The United States relies on the Internet and cyberspace for a variety of critical services. Ensuring the safety and security of cyberspace in the maritime domain requires the effort of several U.S. government agencies. The U.S. Coast Guard within the Department of Homeland Security and U.S. Navy in the Department of Defense are the two main agencies responsible with maritime cybersecurity. Key themes to be addressed in the course include agency jurisdiction, cyber strategy, policy issued by the agency, state of port and terminal cyber-systems, and cooperation with other departments. Cyber Warfare This class would look at the evolution of the cyber technology and how it has become the new platform for warfare between nations. Cyber warfare will look at the early roots of the Internet and take into account the influences of the military which made it into what it is today. Cyber warfare will also look at governmental abuse of information and the idea of transparency in the 21st century, utilizing examples like the Wiki Leaks and Edward Snowden. This will not be a tech class but a history/policy class regarding the concept of cyber warfare.

Recommended

Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber StrategyIan Kelly
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?zapp0
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project ProposalChris Young
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national securityTalwant Singh
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 

Recommended

Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber StrategyIan Kelly
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?zapp0
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project ProposalChris Young
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national securityTalwant Singh
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 
Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalEdi Suryadi
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatMotorola Solutions
 
Pt08 19 final1
Pt08 19 final1Pt08 19 final1
Pt08 19 final1Francisco Santibañez
 
Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Leonardo
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCommunity Protection Forum
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceCollege Development Network
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Directorate of Information Security | Ditjen Aptika
 
Business blackout
Business blackoutBusiness blackout
Business blackoutSimone Luca Giargia
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy Mohit Kumar
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
CERT Certification
CERT CertificationCERT Certification
CERT CertificationConferencias FIST
 
Cyber Security for the Maritime Industry
Cyber Security for the Maritime IndustryCyber Security for the Maritime Industry
Cyber Security for the Maritime IndustryCybernetic Global Intelligence
 
18 maritim secur
18 maritim secur18 maritim secur
18 maritim securParth Dave
 
Maritime Security Brochure
Maritime Security BrochureMaritime Security Brochure
Maritime Security BrochureBeth Cook
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity European Services Institute
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Enrique Martin
 

More Related Content

What's hot

Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalEdi Suryadi
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatMotorola Solutions
 
Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Leonardo
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCommunity Protection Forum
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceCollege Development Network
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy Mohit Kumar
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 

What's hot (17)

Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasional
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical Infrastructure
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber Threat
 
Pt08 19 final1
Pt08 19 final1Pt08 19 final1
Pt08 19 final1
 
Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership Selex ES at Le Bourget 2013 Cyber Partnership
Selex ES at Le Bourget 2013 Cyber Partnership
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challenges
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in Cyberspace
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
 
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Cert adli wahid_iisf2011
 
Business blackout
Business blackoutBusiness blackout
Business blackout
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 
CERT Certification
CERT CertificationCERT Certification
CERT Certification
 

Viewers also liked

18 maritim secur
18 maritim secur18 maritim secur
18 maritim securParth Dave
 
Maritime Security Brochure
Maritime Security BrochureMaritime Security Brochure
Maritime Security BrochureBeth Cook
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Enrique Martin
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 

Viewers also liked (9)

Cyber Security for the Maritime Industry
Cyber Security for the Maritime IndustryCyber Security for the Maritime Industry
Cyber Security for the Maritime Industry
 
18 maritim secur
18 maritim secur18 maritim secur
18 maritim secur
 
Maritime Security Brochure
Maritime Security BrochureMaritime Security Brochure
Maritime Security Brochure
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Similar to INTRODUCTION TO MARITIME CYBERSECURITY

Sputnik Education Reform Movement
Sputnik Education Reform MovementSputnik Education Reform Movement
Sputnik Education Reform MovementJennifer Reither
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMAMarriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMADavid Sweigert
 
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailedHM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailedSusanaFurman449
 
Hello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were asHello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were assimba35
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016Cameron Brown
 
1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docxfelicidaddinwoodie
 
Title United States. The National Strategy for Homeland Security .docx
Title United States. The National Strategy for Homeland Security .docxTitle United States. The National Strategy for Homeland Security .docx
Title United States. The National Strategy for Homeland Security .docxjuliennehar
 
William Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docxWilliam Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docxambersalomon88660
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Berlin Intl Sec Conf2 Paper
Berlin Intl Sec Conf2 PaperBerlin Intl Sec Conf2 Paper
Berlin Intl Sec Conf2 Papermartindudziak
 
Asymmetric threat 5_paper
Asymmetric threat 5_paperAsymmetric threat 5_paper
Asymmetric threat 5_paperMarioEliseo3
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyScott Dickson
 
Justin BennettTerrorism is one of the six strategic risk that is.docx
Justin BennettTerrorism is one of the six strategic risk that is.docxJustin BennettTerrorism is one of the six strategic risk that is.docx
Justin BennettTerrorism is one of the six strategic risk that is.docxtawnyataylor528
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-statusRama Reddy
 
Homeland Security And Infrastructure (NPPD)
Homeland Security And Infrastructure (NPPD)Homeland Security And Infrastructure (NPPD)
Homeland Security And Infrastructure (NPPD)Jill Baldwin
 
Chapter 11The Threat Matrix In this chapter,
Chapter 11The Threat Matrix In this chapter, Chapter 11The Threat Matrix In this chapter,
Chapter 11The Threat Matrix In this chapter, MargaritoWhitt221
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
The Energy Sector Paper
The Energy Sector PaperThe Energy Sector Paper
The Energy Sector PaperSonia Sanchez
 
Finland s cyber security strategy background dossier
Finland s cyber security strategy background dossierFinland s cyber security strategy background dossier
Finland s cyber security strategy background dossierYury Chemerkin
 

Similar to INTRODUCTION TO MARITIME CYBERSECURITY (20)

Sputnik Education Reform Movement
Sputnik Education Reform MovementSputnik Education Reform Movement
Sputnik Education Reform Movement
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMAMarriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMA
 
Homeland Security Bill
Homeland Security BillHomeland Security Bill
Homeland Security Bill
 
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailedHM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
 
Hello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were asHello dr. aguiar and classmates,for this week’s forum we were as
Hello dr. aguiar and classmates,for this week’s forum we were as
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
 
1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx
 
Title United States. The National Strategy for Homeland Security .docx
Title United States. The National Strategy for Homeland Security .docxTitle United States. The National Strategy for Homeland Security .docx
Title United States. The National Strategy for Homeland Security .docx
 
William Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docxWilliam Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docx
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Berlin Intl Sec Conf2 Paper
Berlin Intl Sec Conf2 PaperBerlin Intl Sec Conf2 Paper
Berlin Intl Sec Conf2 Paper
 
Asymmetric threat 5_paper
Asymmetric threat 5_paperAsymmetric threat 5_paper
Asymmetric threat 5_paper
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
 
Justin BennettTerrorism is one of the six strategic risk that is.docx
Justin BennettTerrorism is one of the six strategic risk that is.docxJustin BennettTerrorism is one of the six strategic risk that is.docx
Justin BennettTerrorism is one of the six strategic risk that is.docx
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
Homeland Security And Infrastructure (NPPD)
Homeland Security And Infrastructure (NPPD)Homeland Security And Infrastructure (NPPD)
Homeland Security And Infrastructure (NPPD)
 
Chapter 11The Threat Matrix In this chapter,
Chapter 11The Threat Matrix In this chapter, Chapter 11The Threat Matrix In this chapter,
Chapter 11The Threat Matrix In this chapter,
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
 
The Energy Sector Paper
The Energy Sector PaperThe Energy Sector Paper
The Energy Sector Paper
 
Finland s cyber security strategy background dossier
Finland s cyber security strategy background dossierFinland s cyber security strategy background dossier
Finland s cyber security strategy background dossier
 

INTRODUCTION TO MARITIME CYBERSECURITY

  • 1. Introduction to Maritime Cybersecurity A course and minor program proposal to the CSU Maritime Academy Dr. Donna Nincic 1/c Andrew Bichlmeier 1/c Blaine Meserve-Nibley 1/c Luis Robles
  • 2. Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 2 | P a g e Introduction to Maritime Cyber Security Course Description Cybersecurity in the maritime domain is an emerging field of vulnerability on a global scale. The maritime industry, governing entities, and stakeholders must become aware of the increasing threats to information systems. Cyberspace is infinite, and attacks can be made from any point in the world. Attacks are capable of disrupting “just in time” transportation delivery systems and carry significant implications for economic and national security. Introduction to Maritime Cybersecurity will educate students on the current types of threats, the actors who may seek to cause harm in the maritime domain, and the governing authorities responsible for preventing such attacks. Additionally, the course will explore current U.S. policy, domestic and international laws, and response to cybersecurity incidents. Recommended Textbook Singer, P.W., Friedman, A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know. 1st Edition. New York: Oxford University Press. Introduction to Maritime Cybersecurity – Proposed Course Syllabus SECTION I: INTRODUCTION TO MARITIME CYBERSECURITY Topic/Reading Description Week 1 Cyber – The Problem Reading: Begin Course Textbook The introductory week will begin to engage the class into the concept of cyberspace. What is cyberspace? Why is it an emerging issue? What is different about cyber from other security threats? These questions will get the class focused on what they will be learning throughout the rest of the semester in Intro to Maritime Cyber Security. Week 1 will also establish basic definitions and cyber terms to ensure technical “language” is uniform. Week 2 The Classified Problem/Types of Threats Reading: RAND: Cyber- security threat characterization This week will introduce the problem of academia in regards to studying information that may be deemed classified or sensitive in nature. Specifically, how can conclusions or recommendations are made while addressing classified material that is non-accessible. The second part of the week will begin the types of threats that affect the maritime cyber domain and their targeted information systems.
  • 3. Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 3 | P a g e Week 3 Types of Threats (continued) Reading: RAND: Cyber- security threat characterization The types of threats in the maritime cyber domain must be understood in order to have a full grasp of the dangers to information systems. Different threats have various outcomes with some seeking to steal or destroy data while others seek to shut down systems or control networks. The types of threats to be covered specifically are: Denial of Service, Phishing, Trojan Horse, Virus, Worms, Exploits, and Data Coercion (changing, corrupting, and deleting). Week 4 Case Studies Reading: Specific case studies Case studies are important in order to understand how cyber-attacks affect organizations or individuals. A case study clearly demonstrates how the type of attack has its own objective and will help the student understand why attacks occur. This week will also address who is being attacked in the cyber domain and why the targets may be of high or low interest for hackers. Some recommended case studies are: Office of Personnel Management, Ashley Maddison, and the Target credit card scam. Each case study demonstrates different motives and were caused by actors with separate interests. These case studies should begin to help tie in different aspects of cyber together throughout the semester. Week 5 The Threat Matrix Reading: Finish Course Textbook The Probability/Impact Matrix is vital to understanding and prioritizing defense mechanisms for certain threats. The prioritization is based on which threats are deemed high probability and high impact should the threat occur. This allows for agencies responsible for security to determine steps required to efficiently protect the assets in their domain. After the initial concept of the Threat Matrix is taught, students will apply it to the various threats they learned in the case studies and threats from weeks 3 and 4. SECTION II: ACTORS IN THE CYBER DOMAIN Topic/Reading Description Week 6 United States of America The United States is extremely vulnerable to cyber-attacks.
  • 4. Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 4 | P a g e Reading: White House Foreign Policy on Cyber, Comprehensive National Cybersecurity Initiative In response, the United States government has created policy that strives to stay ahead of the curve. This section will examine the adequacy of existing legal authorities, statutory or constitutional, for responding to cyber threats. Also, we will examine the appropriate roles for the executive and legislative branches in addressing cybersecurity. When there is a solid understanding of the U.S. cyber policy, we will delve into the existing cybersecurity threats. Week 7 China Reading: China and International Law, Exposing One of China’s Cyber Espionage Units China is an emerging world superpower and poses a threat to U.S. hegemony. This week will focus on Chinese cyber policy and their interactions with the United States. While both China and the U.S. are focused on working internationally to promote an open, interoperable, secure, and reliable cyberspace, there are striking differences between their two viewpoints. Key themes include China’s defensive acts, Code of Conduct, and transition from a developing nation. Week 8 Individuals Reading: Pirates Exploiting Cybersecurity Weaknesses in Maritime Industry Hacking for a Cause Cybersecurity Threats Impacting the Nation Within the cybersecurity world, there are actors with non- political goals. These actors are motivated by gaining tangibles such as money, information, and blackmail. Insiders, spammers, spyware/malware authors, hacktivists, criminals (seeking monetary gain) represent some of these individual non-state actors. This week will focus on a variety of non-political actors, their unique motivation, what information they after and what they plan to do with the information. Week 9 Terrorists A terrorist seeks to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence. This week will examine terrorist’s motivation, cyber capabilities, where they could attack and how they will acquire the information. Key legislation for this week will include the Maritime Transportation Security Act and ISPS at ports and terminals. Week 10 The Threat Matrix (Actors) The Threat Matrix applied to actors should be re-examined now that there is a basic understanding of who are the main
  • 5. Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 5 | P a g e Reading: Cyber-security threat characterization, Cyber Tops Intel Community’s 2013 Global Threat Assessment actors in cybersecurity. We will look at the possibility of threats from these different actors. Key themes will include prioritization, characterization, and the role of domestic law enforcement agencies to take action. This will allow for a smooth transition into the third phase of the class, protecting against cyber. SECTION III: PROTECTING AGAINST CYBER ATTACKS Topic/Reading Description Week 11 Targets & Vulnerabilities Reading: Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities GAO: Report on Cyber Terrorism in the Maritime Environment It is important to Understand the areas where maritime facilities are most vulnerable, while understanding and proposing solutions for maritime facilities. This week focuses on understanding the areas for improvements for both private and governmental facilities. Take into considerations government, business, and public infrastructure while looking at the weak links with the chain of cybersecurity and understanding the need for a shifting of security focus. The focus will be on vulnerabilities within local, state, and federal government and comparing those vulnerabilities to business in maritime and port facilities. Additionally, students will evaluate supply chain vulnerabilities at port facilities, shipping companies, and vessels. Week 12 U.S. Government Strategy Reading: USCG Cyber Strategy DoD Cyber Strategy The objective for this week is to understand the resources used by the government to defend against and combat maritime cyber threats in the 21st century. It is important to understand the crucial methods and tactics that the Navy and USCG use to combat maritime cyber security. This week will focus on both the DoD and USCG cyber strategies and review GAO and RAND reports on the US handing of cybersecurity. Week 13 Cyber Law Reading: China and International Law in The goal for this week is to understand the laws in which military and governmental agencies operate within. In addition, the class will compare the difference between domestic laws and international laws in cybersecurity. It is
  • 6. Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 6 | P a g e Cyberspace also important to understand civil rights of American citizens within that domestic law. Some of the suggested laws for examination are: Cybersecurity Information Sharing Act, Protecting Cyber Networks Act, and the National Cybersecurity Protection Advancement Act. Week 14 Cyber Crime/Terrorism Reading: Case Studies The objective of this week is to compare and contrast cyber-crime and cyber-terrorism while looking at what domestic and international agencies are doing to track down and stop criminals/terrorist from committing further acts of violence. This will include examining previous case studies in which cyber criminals were caught and how they were prosecuted. This will look at federal agencies including the FBI, NSA, CIA, DIA, and INTERPOL. Week 15 The Future of Cyber Reading: Cybersecurity Issues and Challenges The final week will wrap all the content from the previous weeks and take a brief look at what the future holds for the maritime cybersecurity domain. The class will also predict future threats, while using all the pervious case studies, to compile a list of feasible threats. Lastly, the course will touch on the future of cyber warfare and its implications, as well as the ethics of cyber-attacks . Proposed Minor Courses Introduction to Maritime Cybersecurity Cybersecurity in the maritime domain is an emerging field of vulnerability on a global scale. The maritime industry, governing entities, and stakeholders must become aware of the increasing threats to information systems. Cyberspace is infinite, and attacks can be made from any point in the world. Attacks are capable of disrupting “just in time” transportation delivery systems and carry significant implications for economic and national security. Introduction to Maritime Cybersecurity will educate students on the current types of threats, the actors who may seek to cause harm in the maritime domain, and the governing authorities responsible for preventing such attacks. Additionally, the course will explore current U.S. policy, domestic and international laws, and response to cybersecurity incidents. Introduction to Information Systems In order to have a level understanding of the cyber domain, students must have a base-level of comprehension in information systems. The course would introduce students to the basics of information systems and relate them to cybersecurity considerations. Included would be networks, databases, and other information systems related to the current cyber domain. In
  • 7. Intro to Maritime Cybersecurity CSU Maritime Academy Course/Minor Proposal 7 | P a g e addition, the course could introduce laws that govern information systems and standardize basic vocabulary and system management at a base-level of comprehension for a student seeking the minor in maritime cybersecurity. Ports and Terminals Management A course already offered at CSU Maritime Academy, Ports and Terminals Management would be valuable for students to understand how goods and resources are moved throughout the world. This understanding is crucial since much of the global supply of goods is based on a “just-in- time” delivery system which is largely run on information systems that are exposed to the cyber domain. A student must comprehend the basics of ports and terminal management to be able to apply maritime cybersecurity into the maritime domain and industry. Who are the stakeholders at a port? How is a port run? Which laws govern ports? Each question are addressed in the course and would supplement the minor with background understanding on the maritime domain and its business management at ports and terminals. Cybersecurity Policy Cybersecurity has emerged as one of the most significant domestic and international security and economic risks today. In order to combat various cyber threats, state, federal, and international policy has been created. This course will explore policy issued by the various levels of government and its role in maritime cybersecurity. Key themes to be addressed include laws, regulations, civil liberties, law enforcement and national security. Strong emphasis will be placed on the Maritime Transportation Security Act, Cybersecurity Information Sharing Act of 2015, Protecting Cyber Networks Act, National Cybersecurity Protection Advancement Act of 2015 and the future of cybersecurity in the maritime domain. Maritime Cybersecurity Organizations The United States relies on the Internet and cyberspace for a variety of critical services. Ensuring the safety and security of cyberspace in the maritime domain requires the effort of several U.S. government agencies. The U.S. Coast Guard within the Department of Homeland Security and U.S. Navy in the Department of Defense are the two main agencies responsible with maritime cybersecurity. Key themes to be addressed in the course include agency jurisdiction, cyber strategy, policy issued by the agency, state of port and terminal cyber-systems, and cooperation with other departments. Cyber Warfare This class would look at the evolution of the cyber technology and how it has become the new platform for warfare between nations. Cyber warfare will look at the early roots of the Internet and take into account the influences of the military which made it into what it is today. Cyber warfare will also look at governmental abuse of information and the idea of transparency in the 21st century, utilizing examples like the Wiki Leaks and Edward Snowden. This will not be a tech class but a history/policy class regarding the concept of cyber warfare.