The SDI Team reports from the ISC West conference, including industry trends, new technologies, and security market observations. Whether you were in attendance at the ISC West conference or not, please find our following takeaways to assist you with keeping your organization up to speed with industry developments.
ABSTRACT: Cybersecurity risk pervades all sectors of the US economy. It challenges the reliability, resiliency, and safety of our infrastructures. The chemical industry, particularly the petro-chemical industry, is a critical infrastructure that is vulnerable to cyber attacks. By its nature, the chemical industry deals with products that are sometimes highly hazardous for people and the environment. Cyber attacks on chemical industry represent a threat beyond the boundaries of the factory involved. This paper presents a brief introduction to how cybersecurity affects the chemical industry.
KEY WORDS: cybersecurity, computer security, chemical industry
Cyber Vardzia - An in-depth analysis of Integrated Physical and Cyber Securit...Dr David Probert
An Extensive Review of Integrating Cyber Security and Physical Security Systems and their Practical Implementation for Government and Business within 21stC Georgia. This paper accompanied the presentation slides that were given in the Opening Keynote Session of the 3rd GITI Conference at the Tbilisi Sheraton Hotel - November 2010.
The SDI Team reports from the ISC West conference, including industry trends, new technologies, and security market observations. Whether you were in attendance at the ISC West conference or not, please find our following takeaways to assist you with keeping your organization up to speed with industry developments.
ABSTRACT: Cybersecurity risk pervades all sectors of the US economy. It challenges the reliability, resiliency, and safety of our infrastructures. The chemical industry, particularly the petro-chemical industry, is a critical infrastructure that is vulnerable to cyber attacks. By its nature, the chemical industry deals with products that are sometimes highly hazardous for people and the environment. Cyber attacks on chemical industry represent a threat beyond the boundaries of the factory involved. This paper presents a brief introduction to how cybersecurity affects the chemical industry.
KEY WORDS: cybersecurity, computer security, chemical industry
Cyber Vardzia - An in-depth analysis of Integrated Physical and Cyber Securit...Dr David Probert
An Extensive Review of Integrating Cyber Security and Physical Security Systems and their Practical Implementation for Government and Business within 21stC Georgia. This paper accompanied the presentation slides that were given in the Opening Keynote Session of the 3rd GITI Conference at the Tbilisi Sheraton Hotel - November 2010.
The first brochure for SMi Group's 3rd annual Oil & Gas Cyber Security conference & exhibition is here. Don't miss the Early Bird deadline and contact Alia Malick if you want to get involved.
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
SUMMARY - Current power grids increasingly emerging into smart networked grids and are more accessible from the public internet which poses new cyber threats in the grid. More computer based systems are introduced into power networks in order to monitor and control the network. Future model smart grid and micro grid systems will be based on data flows for communication of system status, usage and control throughout the network infrastructure in addition to the power flow. This creates new security threats on the power grid. Instead of relying mainly on power plants for power generation, there will be a combination of multiple generation sources and at the same time wider use of electrical computer based equipment by consumers. Both increase the amount of data flows in the network as well as introduce additional vulnerable spots. Vulnerability of the power grid to cyber-attacks increases even more because of the wide use of SCADA networks. SCADA networks are more accessible to the internet and lack authentication and authorization mechanisms therefore expose the grid to threats such as DDOS, Data interception, Data alteration and additional hacking threats.
The transition from present to future model has already begun and rapidly growing while it already poses new security challenges which must be attended immediately. It is essential to introduce immediately a single comprehensive security solution which will provide fast detection and prevention tools to cope with a variety of threats with different nature and from multiple sources. The solution should not be tightly coupled with each device in the network so it won’t require upgrade of the devices inside the grid.
The Cyber defense solution should be versatile using variety of cyber technologies such as Firewalls, anomaly detection, Big Data analytics, machine learning and more in a network wise combination.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
Lesson on "Security in large, Strategic and Complex Systems" at the "Master di II Livello" in "Homeland Security" -
Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
Overview about smart grid projects in Brazil and how the security requiments have been considered in R&D projects. Results related to a smart metering security assessment project are presented.
The International Association of Risk and Compliance Professionals (IARCP) today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP) certification program.
Introduction to National Critical Infrastructure Cyber Security: Background a...Jack Whitsitt
Given at SOURCE Boston 2013, this presentation is one of the only places you will find the conceptual and policy underpinnings of U.S. national cyber security and critical infrastructure protection efforts and information about the recent White House Cyber Executive Order
Hacking Critical Infrastructure Like You’re Not a N00bPriyanka Aash
This presentation is targeted towards an audience that already understands how to compromise the embedded systems that run a process and now is looking at manipulating the physics of the process itself. In as much as time allows, it will cover all the things necessary to accomplish more than exercising the automatic shutdown logic of a process.
(Source: RSA USA 2016-San Francisco)
VIVA LA COMPLEJIDAD ! BIG DATA Y TECNOLOGÍA : ELEFANTES EN CIUDADES DE PORCE...Carlos Moreno
Professor Carlos Moreno
Consejero Cientifico del Presidente de COFELY INEO, Grupo GDF SUEZ
Miembro del Consejo Francés Superior de la Formacion e Investigacion Esratégica
Madrid 2014
“Posiblemente la ciberseguridad de las infraestructuras urbanas no ha tenido la atención que se merece: cuestiones como una planificación cortoplacista o restricciones económicas han puesto de relieve múltiples vulnerabilidades de gestión en los servicios básicos de la ciudad. Por ello se ha abierto una gran oportunidad para desplegar soluciones tecnológicas relacionadas con la ciberseguridad industrial que mejoran la seguridad de estas infraestructuras urbanas. Bajo este prisma hablaremos de dispositivos de campo, comunicaciones M2M, integridad y disponibilidad de datos… hasta llegar a las mismísimas plataformas que gestionan toda la información en tiempo real.”
Symantec 2010 Critical Information Infrastructure Protection (CIP) Survey found, among other things, that 53 percent of critical infrastructure providers report that their networks have experienced what they perceived as politically motivated cyber attacks. Participants claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses.
The first brochure for SMi Group's 3rd annual Oil & Gas Cyber Security conference & exhibition is here. Don't miss the Early Bird deadline and contact Alia Malick if you want to get involved.
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
SUMMARY - Current power grids increasingly emerging into smart networked grids and are more accessible from the public internet which poses new cyber threats in the grid. More computer based systems are introduced into power networks in order to monitor and control the network. Future model smart grid and micro grid systems will be based on data flows for communication of system status, usage and control throughout the network infrastructure in addition to the power flow. This creates new security threats on the power grid. Instead of relying mainly on power plants for power generation, there will be a combination of multiple generation sources and at the same time wider use of electrical computer based equipment by consumers. Both increase the amount of data flows in the network as well as introduce additional vulnerable spots. Vulnerability of the power grid to cyber-attacks increases even more because of the wide use of SCADA networks. SCADA networks are more accessible to the internet and lack authentication and authorization mechanisms therefore expose the grid to threats such as DDOS, Data interception, Data alteration and additional hacking threats.
The transition from present to future model has already begun and rapidly growing while it already poses new security challenges which must be attended immediately. It is essential to introduce immediately a single comprehensive security solution which will provide fast detection and prevention tools to cope with a variety of threats with different nature and from multiple sources. The solution should not be tightly coupled with each device in the network so it won’t require upgrade of the devices inside the grid.
The Cyber defense solution should be versatile using variety of cyber technologies such as Firewalls, anomaly detection, Big Data analytics, machine learning and more in a network wise combination.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
Lesson on "Security in large, Strategic and Complex Systems" at the "Master di II Livello" in "Homeland Security" -
Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
Overview about smart grid projects in Brazil and how the security requiments have been considered in R&D projects. Results related to a smart metering security assessment project are presented.
The International Association of Risk and Compliance Professionals (IARCP) today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP) certification program.
Introduction to National Critical Infrastructure Cyber Security: Background a...Jack Whitsitt
Given at SOURCE Boston 2013, this presentation is one of the only places you will find the conceptual and policy underpinnings of U.S. national cyber security and critical infrastructure protection efforts and information about the recent White House Cyber Executive Order
Hacking Critical Infrastructure Like You’re Not a N00bPriyanka Aash
This presentation is targeted towards an audience that already understands how to compromise the embedded systems that run a process and now is looking at manipulating the physics of the process itself. In as much as time allows, it will cover all the things necessary to accomplish more than exercising the automatic shutdown logic of a process.
(Source: RSA USA 2016-San Francisco)
VIVA LA COMPLEJIDAD ! BIG DATA Y TECNOLOGÍA : ELEFANTES EN CIUDADES DE PORCE...Carlos Moreno
Professor Carlos Moreno
Consejero Cientifico del Presidente de COFELY INEO, Grupo GDF SUEZ
Miembro del Consejo Francés Superior de la Formacion e Investigacion Esratégica
Madrid 2014
“Posiblemente la ciberseguridad de las infraestructuras urbanas no ha tenido la atención que se merece: cuestiones como una planificación cortoplacista o restricciones económicas han puesto de relieve múltiples vulnerabilidades de gestión en los servicios básicos de la ciudad. Por ello se ha abierto una gran oportunidad para desplegar soluciones tecnológicas relacionadas con la ciberseguridad industrial que mejoran la seguridad de estas infraestructuras urbanas. Bajo este prisma hablaremos de dispositivos de campo, comunicaciones M2M, integridad y disponibilidad de datos… hasta llegar a las mismísimas plataformas que gestionan toda la información en tiempo real.”
Symantec 2010 Critical Information Infrastructure Protection (CIP) Survey found, among other things, that 53 percent of critical infrastructure providers report that their networks have experienced what they perceived as politically motivated cyber attacks. Participants claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses.
U.S. Approach to Cybersecurity GovernanceGwanhoo Lee
Presents U.S. Federal Cybersecurity Programs, the Cybersecurity Act (CSA) of 2015, NIST Framework for Improving Critical Infrastructure Cybersecurity, and Private Sector Best Practices in Cybersecurity Governance
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
L'intervento su "infrastrutture critiche e cybersicurezza nel settore dei trasporti" tenuto da Andrea Chiappetta al workshop "Critical Infrastructure protection against hybrid warfare security related challenges" svoltosi a Stoccolma lo scorso maggio.
Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World AirportsSITA
In the digital age of air transport – with its ever-more connected industry operations, passengers and aircraft – air transport faces a constant threat of cyber attacks, both on the critical infrastructure that keeps the wheels of air travel in motion, and on passenger data. The spotlight on threat intelligence, identity protection, data privacy and security in air transport has never been more intense. As we navigate deepening ‘lakes’ of data to become smarter at every step, how do we protect our operations and passengers, ensuring the utmost security and resilience across the air transport community?
CyberSecurity, Mona Al Achkar Jabbour, UNOOSA, ICAO, Civil Aviation, Cyber Defense, Cyber safety, Cyber Peace, Cyber crime, Pan Arab Observatory for Cyber Security, Lebanese Information Technology Association
Technology evolution is pushing the boundaries and changing the way business is done around the world. Advanced technology in the supply chain has improved productivity, minimizing expenses and failures.
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax Cybersec
Role of Cybersecurity in Maritime: A high-risk sector
Maritime, an ancient industry responsible carriage for 90% of global trade, stands as a cornerstone of the world economy. Despite initial perceptions that maritime assets are immune, the increased reliance on industrial control systems (ICS) and satellite communications renders this age-old industry susceptible to cyber adversaries. The reluctance to openly share information and collaborate on cybersecurity best practices has exacerbated the issue, leading to a surge in maritime cyber incidents, up by a staggering 900% since 2017. The NotPetya cyberattack in June 2017 stands out as one of the most devastating incidents, causing over $10 billion in damages. This malware, initially targeting Ukrainian companies, had a far-reaching impact, affecting global giants like Maersk, which lost significant data and infrastructure.
In this article, we will take you through the crucial role of cybersecurity in the maritime sector, offering insights into the intricacies of the maritime ecosystem, and identifying key vulnerable systems. Additionally, we will explore the far-reaching consequences of successful cyberattacks and effective strategies for cyber risk management in this high-stakes domain.
Infrastructure Security by Sivamurthy HiremathClubHack
With the development of technology, the interdependence of various infrastructures has increased, which also enhanced their vulnerabilities. The National Information Infrastructure security concerns the nation’s stability and economic security. So far, the research in Internet security primarily focused on securing the information rather than securing the infrastructure itself.
The pervasive and ubiquitous nature of the Internet coupled with growing concerns about cyber attacks we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop Hardware redesign architectures, Algorithms, and Protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. These attempts to fulfil this important step by providing classification of Security attacks are classified into four main categories: DNS hacking, Routing table poisoning, Packet mistreatment, and Denial-of-Service attacks. We are generally discussing on the existing Infrastructure solutions for each of these categories, and also outline a methodology for developing secured Nation.
This primary focus of study was to investigate how cyber risks in ICT infrastructures of supply chains are managed. As its theoretical base, the study used the Adaptive Security Architecture framework that has been employed by most IT security specialists. Five experienced IT experts participated in a semi-structured interview to provide practical insights on the state of cybersecurity in supply chains operations from various industries. Their responses were analyzed based on the four stages of prediction, prevention, detection and response.
This study offers a new framework that suggests cybersecurity requires anticipatory vigilance, profiling malevolence, instantaneous response and uncompromised recovery to dealing with the cyber threats posing disruptions to supply chains.
A review on various security attacks in vehicular ad hoc networksjournalBEEI
Ad hoc vehicle networks (VANET) are being established as a primary form of mobile ad hoc networks (MANET) and a critical infrastructure to provide vehicle passengers with a wide range of safety applications. VANETs are increasingly common nowadays because it is connecting to a wide range of invisible services. The security of VANETs is paramount as their future use must not jeopardize their users' safety and privacy. The security of these VANETs is essential for the benefit of secure and effective security solutions and facilities, and uncertainty remains, and research in this field remains fast increasing. We discussed the challenges in VANET in this survey. Were vehicles and communication in VANET are efficient to ensure communication between vehicles to vehicles (V2V), vehicles to infrastructures (V2I). Clarified security concerns have been discussed, including confidentiality, authentication, integrity, availableness, and non-repudiation. We have also discussed the potential attacks on security services. According to analysis and performance evaluations, this paper shows that the ACPN is both feasible and appropriate for effective authentication in the VANET. Finally, the article found that in VANETs, encryption and authentication are critical.
Asset & Risk Management for Critical InfrastructuresSim-CI
Sim-CI, or Simulation Critical Infrastructures is a aimed at supporting and facilitating resilience of Critical Infrastructures by enabling integral network management across interconnected CI's such as utility, telecom, security and so forth. The product suite spans from dynamic network planning facilitating asset and risk management, to operational workflow management and wearables enabling Field Service Engineers to accurately and safely assess and secure a contained area of a CI/CI's whilst limit any damage on the CI and related CI's (cascading effects) by containing and restoring the network.
CNL Software IPSecurityCenter Case Studies Presentation 0113Adlan Hussain
CNL Software’s award winning PSIM technology is deployed to secure major cities, critical infrastructure and global commerce. Our solutions sit at the heart of some of the largest, most complex and ground-breaking security integration projects in the world. Our work with leading organizations is helping to shape the future of security by offering thought leadership on key issues such as asset protection, energy reduction, process compliance and business advantage.
Similar to Critical Infrastructure and Cybersecurity Transportation Sector (20)
FIA officials brutally tortured innocent and snatched 200 Bitcoins of worth 4...jamalseoexpert1978
Farman Ayaz Khattak and Ehtesham Matloob are government officials in CTW Counter terrorism wing Islamabad, in Federal Investigation Agency FIA Headquarters. CTW and FIA kidnapped crypto currency owner from Islamabad and snatched 200 Bitcoins those worth of 4 billion rupees in Pakistan currency. There is not Cryptocurrency Regulations in Pakistan & CTW is official dacoit and stealing digital assets from the innocent crypto holders and making fake cases of terrorism to keep them silent.
Best practices for project execution and deliveryCLIVE MINCHIN
A select set of project management best practices to keep your project on-track, on-cost and aligned to scope. Many firms have don't have the necessary skills, diligence, methods and oversight of their projects; this leads to slippage, higher costs and longer timeframes. Often firms have a history of projects that simply failed to move the needle. These best practices will help your firm avoid these pitfalls but they require fortitude to apply.
Top mailing list providers in the USA.pptxJeremyPeirce1
Discover the top mailing list providers in the USA, offering targeted lists, segmentation, and analytics to optimize your marketing campaigns and drive engagement.
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
How to Implement a Real Estate CRM SoftwareSalesTown
To implement a CRM for real estate, set clear goals, choose a CRM with key real estate features, and customize it to your needs. Migrate your data, train your team, and use automation to save time. Monitor performance, ensure data security, and use the CRM to enhance marketing. Regularly check its effectiveness to improve your business.
3.0 Project 2_ Developing My Brand Identity Kit.pptxtanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
An introduction to the cryptocurrency investment platform Binance Savings.Any kyc Account
Learn how to use Binance Savings to expand your bitcoin holdings. Discover how to maximize your earnings on one of the most reliable cryptocurrency exchange platforms, as well as how to earn interest on your cryptocurrency holdings and the various savings choices available.
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...my Pandit
Dive into the steadfast world of the Taurus Zodiac Sign. Discover the grounded, stable, and logical nature of Taurus individuals, and explore their key personality traits, important dates, and horoscope insights. Learn how the determination and patience of the Taurus sign make them the rock-steady achievers and anchors of the zodiac.
Recruiting in the Digital Age: A Social Media MasterclassLuanWise
In this masterclass, presented at the Global HR Summit on 5th June 2024, Luan Wise explored the essential features of social media platforms that support talent acquisition, including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok.
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesHolger Mueller
Holger Mueller of Constellation Research shares his key takeaways from SAP's Sapphire confernece, held in Orlando, June 3rd till 5th 2024, in the Orange Convention Center.
Authentically Social by Corey Perlman - EO Puerto Rico
Critical Infrastructure and Cybersecurity Transportation Sector
1. Senza il preventivo consenso di SI-IES s.r.l. non deve essere
resa nota a terze parti ne riprodotta, sotto qualsiasi formato,
l’informazione contenuta in questa proposta
Critical Infrastructure and Cyber security
Transportation Sector
UNECE
Working Party on Transport Trends and Econoimcs
2. Diary
Trasportation Sector Analysis
Critical Infrastructures LEGAL FRAMEWORK
Interdependencies
Sustainable Strategic Path
Focus on Maritime CI
Proposed approach identified by Dual Cipp
Scenarios proposed in DUAL Cipp
Conclusion
Contact Us
-1-
3. Trasportation Sector Analysis
-2-
In our mobile society transport is a key sector of the economy and sustains over 11 million jobs in EU.
• efficiency
• safety and security
• sustainability (green transport technologies)
• Sustainable mobility
• Passenger safety and security
• Data protection and privacy
• ID management and access control
• Traffic and vehicle management
• Overload, congestion, delays
• Energy and environmental issues
• Sales, fees and charges
• Resilience management structure
CRITICALFUNCTIONS
Transportation has played a key role in the development of our society.
Several changes are affecting this sector.
The question is: are we ready for this or not?
The arrival of new technologies and services that help cities and vehicles can
reach a global value up to 2.5 Trillion per year in 2025.
The information everywhere World has opened up new opportunities to make the
existing transportation network far more efficient and user friendly.
4. Trasportation Sector Analysis
-3-
Trasportation Attacks in a Digital Age:
• Increasing dependence on technology and web-based communication has amplified cyber threaths.
• It is fundamental to protect transport infrastructures because of the rising number and increasing
complexity of cyber attacks.
• It is essential to provide reliable and safe transport infrastructure solutions and to guarantee that
transportation remains open, operating and safe for people depending on it
• Crimeware
• Cyber business/industrial
Espionage
• Insider Misuse
• Web App Attacks
• Network-damaging attempts
• Manipulation of access control
and monitoring systems
• Point-of-Sale Intrusions
• Software Errors
• Data Theft/Loss
• Payment Card Skimmers
• Denial of Service
• Natural hazards and
impairments
• Terrorism
Frequency
SECURITY THREATS
3° Target
5. Trasportation Sector Analysis
-6-
In the 2014 Cybe sec entered the top 10 gloabl risk on the Allianz risk
barometer.
More then 50% of Cyber Attacks are conducted on Country Critical
Infrastructure like electricity, water and oil and gas. 75% of the target are
industrial companies.
Most of those infrastructures were designed for resilience but never
designed with cber sec in mind.
6. -5-
Critical Infrastructure – LEGAL FRAMEWORK
Enisa Report on Cyber Sec challenges
in the Maritime Sector seems evident
that cyber threats are a growing
menace, spreading to all industry
sector that are relying on ICT systems.
Recent deliberate distruptions of
critical automatetion systems such as
stuxnet, prove that cyber attackes
have a significant impact on CI.
EU Critical Infrastructure
includes the the ocean and short
shipping ports as indicated in
the Directive 114/2008, and
concurrently critical part of the
supply chains and trasport
routes, transferring goods and
passengers.
EU PORTS:
- serve around 3,733 mln of
tons of freight flows
- 397 mln of passensger per
year
- 74% of goods entering or
leaving the EU by SEA
- 1.5 mln workers
7. Security and Emergency Management
-6-
Governance Cyber Protection Physical Protection
Security Model
Physical Protection
Identify vulnerabilities and gaps, prioritize and implement protection programs
Securing transport infrastructure in a structured consistent way.
Governance
Definition of a Security and Emergency Control Room:
Structured and consistent continuous monitoring of security events detected by a centralized
control platform for efficient monitoring and prompt decision-making process
Design of the platform according to a risk-based criteria. Identification of Relevant indicators
and sources of attack during critical cyber and physical events (e.g. potential attacks on ICS,
SCADA, navigation systems, physical access, energy systems maintenance and
management)
Advanced Analytics and Big data analysis techniques for security, that guarantee new
levels of protection and control via data sources analysis
Core- implementation
Cyber Protection
8. Security and Emergency Management
-6-
Security and Emergency
Management
Control
Governance and Management
Security Service
Infrastructure
Network
Peripherals
Analysis and
process
Control Room
a) Analysis
b) Decision making
PORT HYBRID SECURITY SYSTEMS – REAL TIME ALERT
9. Security and Emergency Management
-6-
Cybersecurity
Strategy
Cybersecurity
Assessment
Cybersecurity
Operations
Infrastructure
and business
Resilience
Networks
Assessement
Testing
Hacking
Emerging
Tech
Assessment
Security
Compliance
with API
Telco
Network
Security
Hackers recently shut down a floating oil
rig by tilting it, while another rig was so
riddled with computer malware that it
took 19 days to make it seaworthy again;
Somali pirates help choose their targets
by viewing navigational data online,
prompting ships to either turn off their
navigational devices, or fake the data so
it looks like they’re somewhere else; and
hackers infiltrated computers connected
to the Belgian port of Antwerp, located
specific containers, made off with their
smuggled drugs and deleted the records.
10. Interdependencies
-8-
The state and operation of each infrastructure is correlated to the state of other infrastructures.
Dependency of one transport system on physical material output, transmission of information, local environmental effects,
operations of other transport systems of infrastructures.
[Physical, cyber, geographical, functional dependencis]
Risk assessment methodologies must take into account cross-sectoral dependencies and events that could affect simultaneously
several infrastructures.
Cascading effects
Cyberattacks could damage
port operations for weeks
or months, thereby
dramatically affecting trade
and commerce,
11. Sustainable Strategic Path
-10-
SECURITY PROFESSIONAL
SERVICES
SUSTAINABLE STRATEGIC PATH
CYBER INTELLIGENCE
PRODUCTS
Multi-expertise and knowledge
towards sophisticated analytic
tools
and enhanced protection
functionalities
Design of advanced security
systems – Intelligent Security
Platform
Updating, tailored and
coordinated solutions
CULTURE, ROLES, DUTIES
AND RESPONSIBILITIES
Distribution of responsabilities,
Interaction among relevant
bodies on national and
European scale,
Information sharing
GOVERNANCE AND
POLICY ROADMAP
Short, medium and long time
planning
-People
-Process
-Technology
12. Focus on Maritime CI
-10-
Ports
Physical
Cyber
Terminal
Operating
Systems
Industrial Control
Systems
Business
Operation
Systems
Access control
and monitoring
systemsPromotion of an innovative physical/cyber
intelligence solution will allow different
stakeholders active in port operations to
cooperate in managing the physicial and
cyber sec threats
The relevant legislation on port sec
is the ISPS Code (EU/725/2004 and
EU/65/2010) – Port Sec Plan
managed by Port Sec Officer – Port
Facility Sec Officer
14. PROPOSED APPROACH – IDENTIFIED BY DUAL CIPP
-10-
Maritime Security Plans do not fully
address cyber sec related threats,
vulnerability and other
considertions and the ports that
carried out a cyber security and
vulnerability assessment are
EXTREMELY LIMITED
Definition of competencees: The
coast guard officials are in charge
for the management of the VTS and
not for the cyebr threats
Physical intervention /
improvements: Need to provide
physical interventions like Fiber
optic cable installation
Organizzation: Institution of a Port
Coordination Center, Security
mainteinance programme,
Process:
Cyber Incident response plan
Human Capital:
Cyber sec training
Institution / Stakeholders:
Lack of Cyber sec awarness and
culture
Public Private Partnership
HYBRID PORT
DUAL CIPP PROJECT – SUBMITTED BY AN INTERNATIONAL CONSORTOIUM
COMPOSED BY 7 MS in the framework of H2020 CIP Call
15. SCENARIOS PROPOSED IN DUAL CIPP
-10-
Scenarios Events
Cyber attacks on logistic
transportation
Event 1: sending a PDF document to a key user that from a user’s perspective contains some
interesting data. However, opening this PDF triggers the execution of an attached exploit (for
a publicly known vulnerability in Adobe Reader) that silently installs a remote access service
on the computer .
Event 2: the hackers handle to get access to more sophisticated attack tools capable of
identifying and exploiting vulnerabilities that pertain to the in-vehicle communication
interfaces, e.g., mobile communications, near field communications, wireless sensor
networks, etc.
Event 3: engage into malicious activities spanning from simple phishing attacks (targeting
port authorities and key employees)
Event 4: the hackers exploit vulnerabilities in the surveillance system of the port that controls
the CCTV video cameras in order to gain access and delete video streams that show their
malicious activities.
16. CONCLUSIONS
-10-
NEED TO ADDRESS cyber vulnerabilities in the framework of the Maritime. These
potential vulnerabilities include limited cybersecurity training and preparedness
(human capital), errors in software (BUG), protection of commercial technologies,
network connectivity and interdependencies, foreign dependencies, global positioning
system jamming-spoofing.
A cyber attack on networks at a port or aboard a ship could generate
Lost cargo, port disruptions, Physical and environmental damage.
Several mitigation measures can increase the security and resiliency of ports: setting up
maritime cybersecurity standards, sharing information across the sector, conducting
routine vulnerability assessments, using best practices, mitigating insider threats, and
developing contingency plans for cyber attacks.
Knowledge is power - Francis Bacon
17. Contact Us
-12-
Director
European Services Institute
SI-IES s.r.l.
Sito web: www.si-ies.it
Andrea Chiappetta
e-mail a.chiappetta@si-ies.it
SI-Istituto Europeo Servizi S.r.l. European Services Institute – Sede Legale:Via Elio Lampridio Cerva 87/A 00143 Roma
THANK YOU
for your attention