CYBER SECURITY INDUSTRY GUIDELINES


1. CYBER SECURITY INDUSTRY GUIDELINES
Aron Sorensen, Chief Marine Technical Officer, BIMCO

2. BIMCO
- Founded in ,300 members in around 130 countries
- Membership includes shipowners, operators, managers, brokers and agents
- Developing industry standards, and providing quality technical information, advice and education
- Advocating the opinion of our members at IMO, ISO, IALA, IHO etc.

3. AGENDA
- Background for industry guidelines
- Considerations on cyber
- Risk based and agile approach

4. BIMCO'S WORK
- In 2013, the BIMCO Executive Committee highlighted the importance of cyber security
  - Information gathering to deal with cyber security needs and challenges in the maritime sector
- In March 2014, added to the agenda of the Marine Committee and of the Security Committee
  - Decided to develop industry guidance on cyber security for ships

5. SHIPS ARE VULNERABLE TO CYBER ATTACKS
- Ships chartered to 3rd party operators
  - The shipowner does not have control over the IT systems required by the charterer
- Historically ships have been offline
  - Today cyber security cannot be controlled through avoidance of connectivity

6. SHIPS ARE VULNERABLE TO CYBER ATTACKS
- Critical data pertaining to cargo is passed through numerous land-side entities
  - Penetration of just one entity can result in any data element being compromised
- A high reliance on IT systems related to safety
  - ECDIS and satellite receivers make a ship susceptible to either penetration or jamming

7. RISKS ON BOARD SHIPS
- Lack of software and system monitoring
- Insiders introducing malware by storage devices etc.
- Outdated (Microsoft) software
- Remote attacks by criminals
- Unprotected or badly designed hardware and networks

8. ATTACKING A SHIP WILL NOT STOP WORLD TRADE
- A ship is an independent unit, and a cyber attack may compromise the safety of that ship, the marine environment and, to some extent, the business continuity of the owner
- To a large extent the crew will use the same contingency plans as for any other emergency if the ship is compromised

9. AGILITY NEEDED
- Cyber attacks develop constantly, so mitigating measures will also have to change accordingly
- IMO regulation would be too slow
- Type approval of software is not the way forward, as it is a static process
- We see industry best management practice as the way to cope with cyber security

10. SPECIAL ATTENTION
Cyber security should be carefully considered:
  - When taking over a new building and buying used tonnage
  - In connection with on-board software maintenance
  - When dealing with an always open on-line connection

11. IT STARTS DURING CONSTRUCTION OF THE SHIP
- Producer should have a QA system for software lifecycle activities, which specifies cyber-security considerations
- Ships' networks should be configured to have controlled and uncontrolled networks

12. RISK BASED APPROACH NEEDED
- Some organisations, ships and systems may be more at risk than others, depending on the type and value of data stored
- To manage risks, ships' personnel and owners should understand the probability that an event will occur and the resulting impact

13. INDUSTRY GUIDELINES ON CYBER SECURITY ON BOARD SHIPS
The guidance to ship owners and operators includes how to:
  - minimize the risk of a cyber-attack through user access management
  - protect on board systems
  - develop contingency plans and
  - manage incidents if they do occur

14. IMO PROCESS
- At MSC 94 (November 2014), proposal for guidelines for ports, ships, and other parts of maritime transportation system
  - BIMCO informed that we were working on guidance for shipowners and crew on operational aspects of cyber security on-board ships
- Update paper by BIMCO, ICS, INTERTANKO and INTERCARGO submitted to MSC 95 (June 2015)
  - Intention to present the finalized guidelines to MSC 96

15. RELATED WORK
- Working with CIRM since 2013 on a draft industry standard "Maintenance and update of onboard programmable electronic systems"
  - The cyber work and the CIRM work are interrelated and coordination is essential
- Manufacturers should develop, manage and update computer-based systems in a secure way

16. INDUSTRY SOFTWARE MAINTENANCE GUIDELINES
- Event initiation
  - Preventative maintenance
  - Corrective maintenance
- Planning
  - Where and when
  - Best service engineer for the job
  - Onboard software log
- Execution
  - Execution and control
  - Cyber security
- After service
  - Service report and onboard software log
  - Evaluation and feedback

17. CONCLUSIONS
- Awareness needed in the industry
- Ships are exposed to a cyber-threat calling for a risk based approach
  - Industry Guidance will be submitted to MSC 96
  - Cyber crime is developing all the time and we need to keep up
- Cyber security considerations should start at the software production stage and cyber robustness considerations should be made when the ship is constructed

18. Aron Frank Sørensen, Chief Marine Technical Officer, BIMCO
Thank you for your attention
Questions?


More information

CLASSIFICATION SOCIETIES - their key role

CLASSIFICATION SOCIETIES - their key role CLASSIFICATION SOCIETIES - their key role Leading the way: dedicated to safe ships and clean seas, IACS Members make a unique contribution to maritime safety and regulation through technical support, compliance

More information

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond

More information

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems Building Security into Your Industrial Internet Phillip Allison Tempered Networks Discussion topics Threats to network security TCP/IP

More information

N-Dimension Solutions Cyber Security for Utilities

N-Dimension Solutions Cyber Security for Utilities AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential

More information

Company Security Officer (CSO) Training course brochure

Company Security Officer (CSO) Training course brochure Company Security Officer (CSO) Training course brochure Company Security Officer (CSO) A four day course aimed at Company senior operational ship managers who may be designated to perform the duties and

More information

PACB One-Day Cybersecurity Workshop

PACB One-Day Cybersecurity Workshop PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance

More information

Progressive training techniques; meeting the change by a possible solution

Progressive training techniques; meeting the change by a possible solution Progressive training techniques; meeting the change by a possible solution History by Captain S.V.Subhedar, ExC, B.Sc. (Marine Tech.) U.K. MIQA, Individual Member Formal training of seafarers began early

More information

As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended

As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended Global Cybercrime has an estimated cost of US$ 110 Billion per year Every second, 18 adults become a

More information

Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD

Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD whoami? Senior Director of a Red Team PSIRT Case Manager Data Analyst Internet Crime Investigator Security Evangelist

More information

Piracy and Sea Robbery Conference Sharing Information, Enhancing Response

Piracy and Sea Robbery Conference Sharing Information, Enhancing Response Piracy and Sea Robbery Conference Sharing Information, Enhancing Response Update on the Industry s Best Management Practices (BMP) Singapore 14 April 2011 Tim Wilkins INTERTANKO Regional Manager Asia Pacific

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

Metasploit The Elixir of Network Security

Metasploit The Elixir of Network Security Metasploit The Elixir of Network Security Harish Chowdhary Software Quality Engineer, Aricent Technologies Shubham Mittal Penetration Testing Engineer, Iviz Security And Your Situation Would Be Main Goal

More information

Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014

Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014 Aalborg Universitet Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication

More information

Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges

Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges ABB Group October 19, 2009 Slide 1 Possibilities and Challenges The open debate of virtualization

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

The Nautical Institute Seminar on Cargo liquefaction- Hazards and developments

The Nautical Institute Seminar on Cargo liquefaction- Hazards and developments The Nautical Institute Seminar on Cargo liquefaction- Hazards and developments London, December 3rd, 2012 Moin Ahmed, FNI Issues to address What can liquefaction can do to a ship? Which cargoes are prone,

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information