Business Plan
“People are part of complex systems in the maritime environment; they interact
with one another and computer systems in both creative and destructive
ways. At every intersection of human and machine there is the possibility for error,
manipulation, coercion or sedition.” - The Future of Maritime Cyber Security -
Lancaster University
IT systems are crucial to the safe and efficient operation of modern vessels and to the
functioning of the maritime industry in general. Increasingly complex systems enable a
host of essential maritime operations, from navigation and propulsion to freight
management and traffic control.
Onboard systems include GPS, DP, AIS, ECDIS, Radar, autopilot etc. and control
systems for ballast, stability, engine and propulsion control, cargo handling etc.
Advances in satellite technology mean these previously remote onboard systems are
increasingly likely to have a permanent internet connection, with the potential for any device
onboard the vessel to become a node of the on-shore corporate IT network. The 24hr
availability of email, web browsers, cloud storage, network access, smartphones and the
challenges of 'BYOD' all add to the complexities and the vulnerable gateways to our data.
In addition to the equipment onboard vessels, there are similarly vulnerable systems
located in ports, VTS centres, offshore installations, operators' and managers' offices and in
numerous maritime support businesses and organisations.
There are considerable risks to the safety and security of vessels, the security and
reputation of the owners and operators and risks to the movement of world trade should
maritime corporate IT networks become compromised. The act of compromise can be either
deliberate and criminal, or unforeseen and accidental. Either way, the results can be
equally widespread and potentially disastrous.
The IMO propose that the subject be tackled using a process of Cyber Risk Management
(CRM), covering safety, security and operational risks under one umbrella. This
project will approach the subject from a similar viewpoint.
Aims
To mitigate the risk of exposure to cyber-vulnerabilities (deliberate or otherwise) by
educating those who have access to exposed IT systems and infrastructure, both onboard
and shoreside. This will be achieved by giving a non-technical audience the knowledge to
understand the risks, to know what to do to protect against these risks and what to do in
response to a direct threat.
During the development of this resource, the participating parties will form a working
group to learn from the knowledge and experiences of each other to enhance their own
internal procedures and systems for implementing a successful corporate CRM strategy.
The final public output of the project will be to give practical guidance and advice on ‘Best
Practices’ to those who may not have an IT background or training, enabling those at the
sharp end to better support the work of the IT department in protecting the corporate
network.
“For most companies, the greatest threat comes from the naivety of their
own employees, on ship and shore. Awareness and good procedures can
dramatically reduce the risk.” - The Navigator, June 2016
Achieving the aims
To achieve the stated aim, the working group will gather the latest in technical, security
and behavioural knowledge and information and distil this into a series of practical
‘takeaways’ that can be easily understood and put into practice by a non-technical
audience.
Fidra will then work with the creative team to create either a single film, or a series of
‘shorts’, that illustrate these points in a way that is both educational and entertaining to
watch. It is only by achieving the second of these two goals that we have the greatest
chance of the films being widely shared and the knowledge widely disseminated. If we are
successful, the exposure will extend beyond the maritime industry.
Fidra will work with the partners in the project and the maritime media outlets to ensure
that as much publicity as possible is generated on release, using all available channels.
Supporting materials could also be produced if these were felt to be of further benefit, in
the form of guide notes and ‘best practice’ leaflets and posters (distributed as PDF
documents).
Project structure
“The biggest risk is from employees using computer-based systems since
security prevention mechanisms within the network itself are rarely
implemented in the mistaken belief that perimeter defences are all that is required.” -
Maritime Cyber Security White Paper - ESC Global Security
The project will be developed by a working group consisting of a small number of
interested parties, primarily but not necessarily exclusively from the maritime domain. Led by
Fidra, the group will assemble a body of technical knowledge and best practices that will then
be handed over to a team of behavioural and creative specialists.
A primary feature of this project is its collaborative nature, the sharing of information and
ideas for the benefit of the group (internally/privately where deemed appropriate) and for
the wider maritime community on release of the resource.
The technical working group will be tasked with:
• Assembling a body of reference materials and resources pertinent to the subject
  matter.
• Identifying the most commonly encountered risks and vulnerabilities and those that
  have the greatest potential to cause damage.
• Creating clear and unambiguous advice for a non-technical audience on ways to
  detect the presence of a risk, whether this be deliberate criminal activity or an internal
  system failure.
• Creating clear advice suitable for a non-technical audience on appropriate measures
  to take in response to the presence of a potential threat to protect the network.
• Collating a list of ‘Best Practices’ that should be adopted by all those with access to
  the corporate IT infrastructure.
• Discussing and sharing, although not necessarily publicly disseminating, internal
  procedures and IT system defence policies and Best Practices from a more
  technical perspective (suitable for corporate IT and security teams and management).
The above is subject to discussion and amendment but is a logical starting point.
Budget
The budget is yet to be defined, but will be agreed upon by all parties to the project prior
to commissioning the creative team. The cost will be shared amongst those involved.
Fidra will not seek to sell or otherwise monetise the project following release, with the aim
of achieving as widespread distribution as possible. This is the reason that the
development, production and distribution budget must be raised from industry partners.
“However, if the loss, damage, or liability was caused either directly or
indirectly by the use of a computer and its associated systems and software ‘as
a means of inflicting harm,’ such loss, damage, or liability would be excluded from
coverage.” - Marsh & McLennan report
Fidra are in the process of encouraging a ‘headline sponsor’ who has an interest in raising
their profile within the maritime industry. This business or organisation may be less
involved with the creation of the content but will cover a significant proportion of the
production budget in return for the publicity generated by the release of the film(s). With the
sponsorship contribution it is envisaged that individual partners will invest somewhere in
the region of £5k (+VAT) each.
“ESC Global Security recommends that companies operating in the maritime
industries put cyber security awareness training at the top of the agenda for
users of technology and computer resources. This is one of the most effective
ways of reducing a company's exposure to cyber security threats and increases
both detection and incident response at the same time.” - Maritime Cyber Security
White Paper - ESC Global Security
While we are acutely aware of the financial position of many businesses in the maritime
sector in these challenging times, we must be aware of the need to balance prudence
with the ability to be creative and produce an effective resource. If the budget is too high,
the project will languish as an idea that never came to fruition. If the budget is too low, we
will be limited in what we can do and may fail our objectives by producing ‘just another
training film’.
For those looking to get internal budget sign-off, it may help to spread the cost across
HSEQ, Risk Management, IT and Marketing Dept. budgets, as each department stands to
benefit. The sum invested in this project could be recouped if just one cyber-attack or
failure can be avoided.
“It might be argued that the relatively low public profile of most marine
businesses means they are less likely to be the subject of a cyber-attack than
financial institutions, energy companies, public utilities, or airlines. That may be the
case, but nevertheless, the threat is real, and the results of a successful attack
could be catastrophic. Certainly, the lack of any inbuilt encryption or authentication
code in the critical systems used for navigation on board ship means that shipping
could be seen as a soft target, and that perception alone could be enough to
provoke an attack.” - Marsh & McLennan report
Resources & references
“Hackers working with a drug smuggling gang infiltrated the computerized
cargo tracking system of the Port of Antwerp to identify the shipping
containers in which consignments of drugs had been hidden. The gang then drove the
containers from the port, retrieved the drugs and covered their tracks. The criminal
activity continued for a two-year period from June 2011, until it was stopped by
joint action by Belgium and Dutch police. Cyber criminals will continue to do the
unexpected, and the nature of attacks of this sort will evolve.” - Marsh & McLennan
report
IMO document MSC 96/4/1 (4th Feb 2016): Measures to enhance maritime security - Guidelines for Cyber risk management - SOURCE
IMO document MSC 96/4/2 (9th Feb 2016): Measures to enhance maritime security - Guidelines for Cyber risk management - SOURCE
IMO document MSC 96/4/5 (8th March 2016): Measures to enhance maritime security - Measures aimed at improving cybersecurity on ships - SOURCE
IMO document MSC 96/INF.4: Measures aimed at improving cybersecurity on a ship - SOURCE
BIMCO: The Guidelines on Cyber Security Onboard Ships - SOURCE
United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Security (the NIST Framework) - SOURCE
ENISA (European Network and Information Security Agency): Analysis of cyber security aspects in the maritime sector (Nov 2011) - SOURCE
Lancaster University: The Future of Maritime Cyber Security - SOURCE
Marsh & McLennan report: The risk of cyber-attack to the maritime industry - SOURCE
NCC Group: Maritime cyber security: Threats & Opportunities - SOURCE
ESCGS: Maritime Cyber Security White Paper - SOURCE
AMMITEC: Cyber Security Awareness Guidelines - SOURCE
The Navigator: June 2016 issue - SOURCE
ABS: The application of cyber-security principles to marine and offshore operations - SOURCE
Contact details
Interested parties should in the first instance contact Chris Young:
Chris Young MNI
Executive Producer
Fidra Films
Tel: +44 (0)7500 906 220
chris@fidragroup.com
“... it is important that security procedures and processes are in place so that
operators know how to identify a potential security threat or have been trained to
respond when a cyber attack is in process.
Cyberspace was once just a way to communicate but now pretty much everything
depends on it. Our critical infrastructures for energy, healthcare, banking, transportation and
water are dependent on how well we protect and secure the systems and the data that
controls them.” - Maritime Cyber Security White Paper - ESC Global Security
Fidra Films is a trading name of Fidra Group Ltd, a company registered in England and
Wales No. 9864419, VAT Reg. No. 232197420
Project partners
To become a partner in this groundbreaking project please contact us directly. See below for
details.
For reasons of project scale and collaborative logistics, places are strictly limited and will be
offered on a first come first served basis.

More Related Content

What's hot

20210526 AWS Expert Online マルチアカウント管理の基本
20210526 AWS Expert Online マルチアカウント管理の基本20210526 AWS Expert Online マルチアカウント管理の基本
20210526 AWS Expert Online マルチアカウント管理の基本
Amazon Web Services Japan
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
Amazon Web Services
 
AWS WAF のマネージドルールって結局どれを選べばいいの?
AWS WAF のマネージドルールって結局どれを選べばいいの?AWS WAF のマネージドルールって結局どれを選べばいいの?
AWS WAF のマネージドルールって結局どれを選べばいいの?
YOJI WATANABE
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluent
confluent
 
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략  - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략  - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
Amazon Web Services Korea
 
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
Shuji Kikuchi
 
Swift 7.2 & Customer Security: Providing choice, flexibility and control.
Swift 7.2 & Customer Security: Providing choice, flexibility and control. Swift 7.2 & Customer Security: Providing choice, flexibility and control.
Swift 7.2 & Customer Security: Providing choice, flexibility and control.
Nancy Hernandez
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management
SmartWave
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
NA Putra
 
Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...
Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...
Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...
Amazon Web Services
 
Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...
Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...
Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...
Amazon Web Services
 
OSMC 2021 | Introduction into OpenSearch
OSMC 2021 | Introduction into OpenSearchOSMC 2021 | Introduction into OpenSearch
OSMC 2021 | Introduction into OpenSearch
NETWAYS
 
Amazon Connect ハンズオン初級編
Amazon Connect ハンズオン初級編Amazon Connect ハンズオン初級編
Amazon Connect ハンズオン初級編
Amazon Web Services Japan
 
Bootcamp: Getting Started on AWS
Bootcamp: Getting Started on AWSBootcamp: Getting Started on AWS
Bootcamp: Getting Started on AWS
Amazon Web Services
 
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Amazon Web Services
 
AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
Amazon Web Services Korea
 
Advanced API Security
Advanced API SecurityAdvanced API Security
Advanced API Security
Prabath Siriwardena
 
AWS入門!!
AWS入門!!AWS入門!!
AWS入門!!
Wataru NOGUCHI
 
20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver
20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver
20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver
Amazon Web Services Japan
 
15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由
15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由
15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由Yasuhiro Horiuchi
 

What's hot (20)

20210526 AWS Expert Online マルチアカウント管理の基本
20210526 AWS Expert Online マルチアカウント管理の基本20210526 AWS Expert Online マルチアカウント管理の基本
20210526 AWS Expert Online マルチアカウント管理の基本
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
 
AWS WAF のマネージドルールって結局どれを選べばいいの?
AWS WAF のマネージドルールって結局どれを選べばいいの?AWS WAF のマネージドルールって結局どれを選べばいいの?
AWS WAF のマネージドルールって結局どれを選べばいいの?
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluent
 
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략  - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략  - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
 
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
 
Swift 7.2 & Customer Security: Providing choice, flexibility and control.
Swift 7.2 & Customer Security: Providing choice, flexibility and control. Swift 7.2 & Customer Security: Providing choice, flexibility and control.
Swift 7.2 & Customer Security: Providing choice, flexibility and control.
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...
Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...
Architecture Patterns for Multi-Region Active-Active Applications (ARC209-R2)...
 
Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...
Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...
Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - At...
 
OSMC 2021 | Introduction into OpenSearch
OSMC 2021 | Introduction into OpenSearchOSMC 2021 | Introduction into OpenSearch
OSMC 2021 | Introduction into OpenSearch
 
Amazon Connect ハンズオン初級編
Amazon Connect ハンズオン初級編Amazon Connect ハンズオン初級編
Amazon Connect ハンズオン初級編
 
Bootcamp: Getting Started on AWS
Bootcamp: Getting Started on AWSBootcamp: Getting Started on AWS
Bootcamp: Getting Started on AWS
 
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...Cost efficiencies and security best practices with Amazon S3 storage - STG301...
Cost efficiencies and security best practices with Amazon S3 storage - STG301...
 
AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS IAM과 친해지기 – 조이정, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
 
Advanced API Security
Advanced API SecurityAdvanced API Security
Advanced API Security
 
AWS入門!!
AWS入門!!AWS入門!!
AWS入門!!
 
20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver
20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver
20191016 AWS Black Belt Online Seminar Amazon Route 53 Resolver
 
15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由
15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由
15分でわかるAWSクラウドで オンプレ以上のセキュリティを実現できる理由
 

Similar to Cyber Sec Project Proposal

Airport security 2013 john mc carthy
Airport security 2013   john mc carthyAirport security 2013   john mc carthy
Airport security 2013 john mc carthy
Russell Publishing
 
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and IdentUnit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
corbing9ttj
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
bagotjesusa
 
CANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdf
CANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdfCANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdf
CANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdf
walterzamprogno1
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...
David Sweigert
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaGet Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Rahul Neel Mani
 
AGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White PaperAGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White Paper
Mestizo Enterprises
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011
Mousselmal Tarik
 
Journal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docxJournal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docx
christiandean12115
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
Christopher Nanchengwa
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptx
ucisa
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
Cisco Service Provider Mobility
 
Internet
InternetInternet
Internet
hetal001
 
Ten Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityTen Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things Security
Dean Bonehill ♠Technology for Business♠
 
expert tips
expert tipsexpert tips
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
Santosh Khadsare
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
Constantine Karbaliotis
 
SIA-Q1-2016
SIA-Q1-2016SIA-Q1-2016
SIA-Q1-2016
Owais Hassan
 
Critical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation SectorCritical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation Sector
European Services Institute
 

Similar to Cyber Sec Project Proposal (20)

Airport security 2013 john mc carthy
Airport security 2013   john mc carthyAirport security 2013   john mc carthy
Airport security 2013 john mc carthy
 
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and IdentUnit 7 Assignment Group Assignment – Risk Analysis and Ident
Unit 7 Assignment Group Assignment – Risk Analysis and Ident
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
CANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdf
CANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdfCANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdf
CANSO-Safety_Cybersecurity-Risk-Assessment-Guide-2023.pdf
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
 
Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaGet Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
 
AGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White PaperAGEOS Infrastructure Cyber Security White Paper
AGEOS Infrastructure Cyber Security White Paper
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011
 
Journal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docxJournal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docx
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptx
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
Internet
InternetInternet
Internet
 
Ten Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityTen Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things Security
 
expert tips
expert tipsexpert tips
expert tips
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
SIA-Q1-2016
SIA-Q1-2016SIA-Q1-2016
SIA-Q1-2016
 
Critical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation SectorCritical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation Sector
 

Cyber Sec Project Proposal

  • 2. People are part of complex systems in the maritime environment; they inter- act with one another and computer systems in both creative and destructive ways. At every intersection of human and machine there is the possibility for error, manipulation, coercion or sedition.” - The Future of Maritime Cyber Security - Lan- caster University IT systems are crucial to the safe and efficient operation of modern vessels and to the functioning of the maritime industry in general. Increasingly complex systems enable a host of essential maritime operations, from navigation and propulsion to freight manage- ment and traffic control. Onboard systems include GPS, DP, AIS, ECDIS, Radar, autopilot etc. and control sys- tems for ballast, stability, engine and propulsion control, cargo handling etc. Advances in satellite technology mean these previously remote onboard systems are in- creasingly likely to have a permanent internet connection, with the potential for any device onboard the vessel to become a node of the on-shore corporate IT network. The 24hr availability of email, web browsers, cloud storage, network access, smartphones and the challenges of 'BYOD' all add to the complexities and the vulnerable gateways to our data. In addition to the equipment onboard vessels, there are similarly vulnerable systems lo- cated in ports, VTS centres, offshore installations, operators and manager’s offices and in numerous maritime support businesses and organisations. There are considerable risks to the safety and security of vessels, the security and reputa- tion of the owners and operators and risks to the movement of world trade should mari- time corporate IT networks become compromised. The act of compromise can be either deliberate and criminal, or unforeseen and accidental. Either way, the results can be equally widespread and potentially disasterous.
  • 3. The IMO propose that the subject be tackled using a process of Cyber Risk Management (CRM), covering safety, security and operational risks under one umbrella. This pro- ject will approach the subject from a similar viewpoint. Aims To mitigate the risk of exposure to cyber-vulnerabilities (deliberate or otherwise) by edu- cating those who have access to exposed IT systems and infrastructure, both onboard and shoreside. This will be achieved by giving a non-technical audience the knowledge to understand the risks, to know what to do to protect against these risks and what to do in response to a direct threat. During the development of this resource, the participating parties will form a working group to learn from the knowledge and experiences of each other to enhance their own internal procedures and systems for implementing a successful corporate CRM strategy. The final public output of the project will be to give practical guidance and advice on ‘Best Practices’ to those who may not have an IT background or training, enabling those at the sharp end to better support the work of the IT department in protecting the corporate net- work. For most companies, the greatest threat comes from the naivety of their own employees, on ship and shore. Awareness and good procedures can dramatically reduce the risk." - The Navigator, June 2016 Achieving the aims To achieve the stated aim, the working group will gather the latest in technical, security and behavioural knowledge and information and distil this into a series of practical ‘takeaways’ that can be easily understood and put into practice by a non-technical audi- ence. Fidra will then work with the creative team to create either a single film, or a series of ‘shorts’, that illustrate these points in a way that is both educational and entertaining to watch. It is only by achieving the second of these two goals that we have the greatest chance of the films being widely shared and the knowledge widely disseminated. 
If we are successful, the exposure will extend beyond the maritime industry. Fidra will work with the partners in the project and the maritime media outlets to ensure that as much publicity as possible is generated on release, using all available channels.

Supporting materials could also be produced if these were felt to be of further benefit, in the form of guide notes and ‘best practice’ leaflets and posters (distributed as PDF documents).
  • 4. Project structure

“The biggest risk is from employees using computer-based systems since security prevention mechanisms within the network itself are rarely implemented in the mistaken belief that perimeter defences are all that is required.” - Maritime Cyber Security White Paper - ESC Global Security

The project will be developed by a working group consisting of a small number of interested parties, primarily but not necessarily exclusively from the maritime domain. Led by Fidra, the group will assemble a body of technical knowledge and best practices that will then be handed over to a team of behavioural and creative specialists.

A primary feature of this project is its collaborative nature, the sharing of information and ideas for the benefit of the group (internally/privately where deemed appropriate) and for the wider maritime community on release of the resource.

The technical working group will be tasked with:

- Assembling a body of reference materials and resources pertinent to the subject matter.
- Identifying the most commonly encountered risks and vulnerabilities and those that have the greatest potential to cause damage.
- Creating clear and unambiguous advice for a non-technical audience on ways to detect the presence of a risk, whether this be deliberate criminal activity or an internal system failure.
- Creating clear advice suitable for a non-technical audience on appropriate measures to take in response to the presence of a potential threat to protect the network.
- Collating a list of ‘Best Practices’ that should be adopted by all those with access to the corporate IT infrastructure.
- Discussing and sharing, although not necessarily publicly disseminating, internal procedures and IT system defence policies and Best Practices from a more technical perspective (suitable for corporate IT and security teams and management).

The above is subject to discussion and amendment but is a logical starting point.
Budget

The budget is yet to be defined, but will be agreed upon by all parties to the project prior to commissioning the creative team. The cost will be shared amongst those involved.

Fidra will not seek to sell or otherwise monetise the project following release, with the aim of achieving as widespread distribution as possible. This is the reason that the development, production and distribution budget must be raised from industry partners.

“However, if the loss, damage, or liability was caused either directly or indirectly by the use of a computer and its associated systems and software “as a means of inflicting harm,” such loss, damage, or liability would be excluded from coverage.” - Marsh & McLennan report
  • 5. Fidra are in the process of encouraging a ‘headline sponsor’ who has an interest in raising their profile within the maritime industry. This business or organisation may be less involved with the creation of the content but will cover a significant proportion of the production budget in return for the publicity generated by the release of the film(s). With the sponsorship contribution it is envisaged that individual partners will invest somewhere in the region of £5k (+VAT) each.

“ESC Global Security recommends that companies operating in the maritime industries put cyber security awareness training at the top of the agenda for users of technology and computer resources. This is one of the most effective ways of reducing a company's exposure to cyber security threats and increases both detection and incident response at the same time.” - Maritime Cyber Security White Paper - ESC Global Security

While we are acutely aware of the financial position of many businesses in the maritime sector in these challenging times, we must be aware of the need to balance prudence with the ability to be creative and produce an effective resource. If the budget is too high, the project will languish as an idea that never came to fruition. If the budget is too low, we will be limited in what we can do and may fail our objectives by producing ‘just another training film’.

For those looking to get internal budget sign-off, it may help to spread the cost across HSEQ, Risk Management, IT and Marketing Dept. budgets, as each department stands to benefit. The sum invested in this project could be recouped if just one cyber-attack or failure can be avoided.

“It might be argued that the relatively low public profile of most marine businesses means they are less likely to be the subject of a cyber-attack than financial institutions, energy companies, public utilities, or airlines.
That may be the case, but nevertheless, the threat is real, and the results of a successful attack could be catastrophic. Certainly, the lack of any inbuilt encryption or authentication code in the critical systems used for navigation on board ship means that shipping could be seen as a soft target, and that perception alone could be enough to provoke an attack.” - Marsh & McLennan report
  • 6. Resources & references

“Hackers working with a drug smuggling gang infiltrated the computerized cargo tracking system of the Port of Antwerp to identify the shipping containers in which consignments of drugs had been hidden. The gang then drove the containers from the port, retrieved the drugs and covered their tracks. The criminal activity continued for a two-year period from June 2011, until it was stopped by joint action by Belgium and Dutch police. Cyber criminals will continue to do the unexpected, and the nature of attacks of this sort will evolve.” - Marsh & McLennan report

- IMO document MSC 96/4/1 (4th Feb 2016): Measures to enhance maritime security - Guidelines for Cyber risk management
- IMO document MSC 96/4/2 (9th Feb 2016): Measures to enhance maritime security - Guidelines for Cyber risk management
- IMO document MSC 96/4/5 (8th March 2016): Measures to enhance maritime security - Measures aimed at improving cybersecurity on ships
- IMO document MSC 96/INF.4: Measures aimed at improving cybersecurity on a ship
- BIMCO: The Guidelines on Cyber Security Onboard Ships
- United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Security (the NIST Framework)
- ENISA (European Network and Information Security Agency): Analysis of cyber security aspects in the maritime sector (Nov 2011)
- Lancaster University: The Future of Maritime Cyber Security
- Marsh & McLennan report: The risk of cyber-attack to the maritime industry
- NCC Group: Maritime cyber security: Threats & Opportunities
- ESCGS: Maritime Cyber Security White Paper
- AMMITEC: Cyber Security Awareness Guidelines
- The Navigator: June 2016 issue
- ABS: The application of cyber-security principles to marine and offshore operations
  • 7. Contact details

Interested parties should in the first instance contact Chris Young:

Chris Young MNI
Executive Producer
Fidra Films
Tel: +44 (0)7500 906 220
chris@fidragroup.com

“... it is important that security procedures and processes are in place so that operators know how to identify a potential security threat or have been trained to respond when a cyber attack is in process. Cyberspace was once just a way to communicate but now pretty much everything depends on it. Our critical infrastructures for energy, healthcare, banking, transportation and water are dependent on how well we protect and secure the systems and the data that controls them.” - Maritime Cyber Security White Paper - ESC Global Security

Fidra Films is a trading name of Fidra Group Ltd, a company registered in England and Wales No. 9864419, VAT Reg. No. 232197420

Project partners

To become a partner in this groundbreaking project please contact us directly. See below for details. For reasons of project scale and collaborative logistics, places are strictly limited and will be offered on a first come, first served basis.