Identify – Protect – Detect – Respond – Recover

Maritime & Information Sharing & Analysis Organization

TLP-GREEN Maritime & Port Security ISAO Federal Cybersecurity Policy

Presidential Executive Order 13691 – Feb. 2015 Promoting Private Sector Cybersecurity Information Sharing

Protecting Public Health & Safety, National and Economic Security Critical | Sector & Sub-Sector Business, Industry & Academia | Geographic Public/Private Collaboration

Cybersecurity Information Sharing Act of 2015… Signed into law – December 2015
• Definitions
• Federal Sharing
• Protection - Personal Information
• Private Sector Sharing and Liability Protection

Federal Government Published Guidelines – US Dept. Homeland Security, US Dept. of Justice, US Dept. of Defense

U.S. Coast Guard Guidance

Policy Letter CG-5P January 2017
Provides instructions to report suspicious and malicious cybersecurity activity
• To whom
• What kind

DRAFT NVIC May 2017 “MTSA-regulated facilities are instructed to analyze vulnerabilities with computer systems and networks in their Facility Security Assessment (FSA).”

Adversaries 101

Employees: Accidental Loss

Source: BIMCO “The Guidelines on Cyber Security Onboard Ships”

ABS’ CyberSafety™ Says, “Share”

Source: ABS “CyberSafety Guidance” Volume 1

Ponemon Institute

Ponemon Institute: Second Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way

When things go “south”…

Ransomware

Partners / Supply Chain

Figure (partners / supply chain diagram). Labels: Victim; Recon; steps 1 to 4; Tug Operators; Rail; Law Firms; Oil & Gas; Trade Organizations; Financial Services; Marine Transport; Equipment Suppliers; Engineering; Services; Others.

Malicious Vessel Impersonation Emails

Early Situational Awareness

MPS-ISAO Alert via CommandBridge Platform

What do you do?

Cyber Vulnerability Management Hygiene

MPS-ISAO Information Sharing

Cybersecurity Risk Management Insurance


Sector Coordinating Council

Figure: Maritime Public/Private Partnership Model for the Transportation Systems Sector. Elements shown: Sector Specific Agencies (SSAs: US DOT, US DHS); CIPAC* (legal framework); Government Coordinating Council (GCC, public sector); Sector Coordinating Council (SCC, private sector); Transportation Modal SCCs; MPS-ISAO**; IACI***; SLTT (State/Local Tribal/Territorial); Partnership for Critical Infrastructure Security (PCIS); Critical Infrastructure (CI) Cross-Sector Council, comprised of Chairs, Co-Chairs, Vice-Chairs and Designated Representatives of Sector Coordinating Councils at the Sector and Sub-Sector Level; and the critical infrastructure sectors (Chemical, Commercial, Communications, Critical Manufacturing, Dams, Defense, Emergency Services, Energy, Financial Services, Food & Agriculture, Government Facilities, Healthcare & Public Health, Information Technology, Nuclear Reactors & Waste Management, Water & Wastewater).

* CIPAC provides the legal framework (mechanism) for GCC (public) and SCC (private-sector) Members to engage (coordination and collaboration) in joint critical infrastructure protection activities.

** The Maritime & Port Security ISAO (MPS-ISAO), a nonprofit Information Sharing Analysis Organization (ISAO) is the Information Sharing Analysis Center (ISAC) for the Maritime Sector – ISAO Authorized by Presidential EO 13691, CISA Act, and US DHS / MPS-ISAO - CISCA Agreement

*** International Association of Certified ISAOs (IACI) – “Center of Gravity”, Global ISAO Association Supporting and Connecting ISAO/ISAC Information Sharing & Response – ISAO Authorized by Presidential EO 13691, CISA Act, and US DHS/IACI – CISCA Agreement
