Identify – Protect – Detect – Respond – Recover
Maritime & Port Security Information Sharing & Analysis Organization
TLP-GREEN
Federal Cybersecurity Policy
Presidential Executive Order 13691 – Feb. 2015 Promoting Private Sector Cybersecurity Information Sharing
Protecting Public Health & Safety, National and Economic Security Critical Infrastructure | Sector & Sub-Sector Business, Industry & Academia | Geographic Public/Private Collaboration
Cybersecurity Information Sharing Act of 2015 – Signed into law December 2015
• Definitions
• Federal Sharing
• Protection - Personal Information
• Private Sector Sharing and Liability Protection
Federal Government Published Guidelines – US Dept. Homeland Security, US Dept. of Justice, US Dept. of Defense
U.S. Coast Guard Guidance
Policy Letter CG-5P January 2017
Provides instructions to report suspicious and malicious cybersecurity activity
• To whom
• What kind
DRAFT NVIC May 2017 “MTSA-regulated facilities are instructed to analyze vulnerabilities with computer systems and networks in their Facility Security Assessment (FSA).”
Adversaries 101
Employees: Accidental Loss
Source: BIMCO “The Guidelines on Cyber Security Onboard Ships”
ABS’ CyberSafety™ Says, “Share”
Source: ABS “CyberSafety Guidance” Volume 1
Ponemon Institute
Ponemon Institute: Second Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way
When things go “south”…
Ransomware
Partners / Supply Chain
[Figure: partner / supply-chain diagram with numbered steps 1 to 4. Labels include: Victim, Recon, Others, Tug Operators, Rail, Law Firms, Oil & Gas, Trade Organizations, Financial Services, Marine Transport, Equipment Suppliers, Engineering]
Malicious Vessel Impersonation Emails
Early Situational Awareness
MPS-ISAO Alert via CommandBridge Platform
What do you do?
Cyber Vulnerability Management Hygiene
MPS-ISAO Information Sharing
Cybersecurity Risk Management Insurance
Sector Coordinating Council
Transportation Systems Sector: Maritime Public/Private Partnership Model
[Figure: organization chart. Recoverable labels: Transportation Sector Specific Agencies (SSAs), DOT and DHS; Co-SSA US DOT; Co-SSA US DHS; Critical Infrastructure Partnership Advisory Council (CIPAC*), legal framework; Government Coordinating Council - GCC (Public Sector); Sector Coordinating Council - SCC (Private Sector); Transportation Modal SCCs; Owners & Operators, Maritime Assoc., Etc.; Other Federal Agencies; SLTT Council (State/Local Tribal/Territorial); Regional Consortium Coordinating Council; Academia & Research Organizations; Manufacturing; Supply Chain & Supporting Services; Other Sectors, Interdependencies; MPS-ISAO, Maritime Information Sharing & Analysis Center (ISAC), Maritime & Port Security ISAO**; International Assoc. of Certified ISAOs (IACI)***; Other Sectors & Sub-Sector ISAOs & ISACs; Public Safety - Law Enforcement; US DHS / IACI CISCA Agreement; Critical Infrastructure Cross-Sector Council; Critical Infrastructure GCCs]
MPS-ISAO IACI Coordinated International Information Sharing with other Critical Infrastructure Sectors/Sub-Sectors/Communities of Interest, SLTT, Global
Partnership for Critical Infrastructure Security (PCIS), Critical Infrastructure (CI) Cross-Sector Council: Comprised of Chairs, Co-Chairs, Vice-Chairs and Designated Representatives of Sector Coordinating Councils at the Sector and Sub-Sector Level
Sectors listed: Chemical, Commercial, Communications, Critical Manufacturing, Dams, Defense, Election, Emergency Services, Energy, Financial Services, Food & Agriculture, Government Facilities, Healthcare & Public Health, Information Technology, Nuclear Reactors & Waste Management, Water & Wastewater
* CIPAC provides the legal framework (mechanism) for GCC (public) and SCC (private-sector) Members to engage (coordination and collaboration) in joint critical infrastructure protection activities.
** The Maritime & Port Security ISAO (MPS-ISAO), a nonprofit Information Sharing Analysis Organization (ISAO), is the Information Sharing Analysis Center (ISAC) for the Maritime Sector – ISAO Authorized by Presidential EO 13691, CISA Act, and US DHS / MPS-ISAO - CISCA Agreement
*** International Association of Certified ISAOs (IACI) – “Center of Gravity”, Global ISAO Association Supporting and Connecting ISAO/ISAC Information Sharing & Response. ISAO Authorized by Presidential EO 13691, CISA Act, and US DHS/IACI – CISCA Agreement