
Overview

United States Coast Guard Office of Port and Facility Compliance (CG-FAC): Cyber Security and the Marine Transportation System. Overview: Coast Guard Cyber Security Strategy; Cyber Security Framework (CSF); What does it mean for Industry?

uriel

Presentation Transcript


  1. United States Coast Guard
     Office of Port and Facility Compliance (CG-FAC)
     Cyber Security and the Marine Transportation System

  2. Overview
     • Coast Guard Cyber Security Strategy
     • Cyber Security Framework (CSF)
     • What does it mean for Industry?
     • Cyber Suspicious Activity/Cyber Incident Reporting
     • Cyber Security Resources
     • Q & A

  3. USCG Cyber Security Strategy
     • USCG Cyber Security Strategy has three parts:
       • Computer Network Defense
       • Decision Advantage
       • MTS Cyber Security

  4. USCG Cyber Security Strategy
     • MTS Cyber Security incorporates cyber aspects across USCG missions:
       • Assessments
       • Standards
       • Response

  5. Cyber Security Framework (CSF)
     • CSF consists of established and widely accepted IT industry:
       • Standards
       • Guidelines
       • Best Practices
     • Adoption is NOT mandatory, but PROMOTED by USCG
     • Requires interface between Operations and IT leadership and management to effectively adopt.
     • CSF adoption occurs when an organization uses the framework as a key part of its systematic process to ID, assess, prioritize, and/or communicate cyber risk

  6. CSF Adoption Tools
     • Cyber Security Assessment Tools
       • Cyber Resiliency Review (CRR) is a DHS assessment tool that measures the implementation of key cyber security capacities and capabilities. The goal of the CRR is to ensure that core process-based capabilities exist, are measurable, and are meaningful as predictors for an organization's ability to manage cyber risk. For more information about the CRR, contact the DHS Computer Security Evaluation Program (CSEP) at CSE@dhs.gov.
       • Cybersecurity Capability Maturity Model (C2M2) is a self-administered or facilitated mechanism to evaluate, prioritize, and improve cyber security capabilities. The model enables organizations to score their cyber security practices against the model process. Scores are used to determine risk tolerance for each domain and influence organizational efforts to improve scoring, thus improving cyber security. This model is based on the electricity subsector's model. Coast Guard is working with the Dept of Energy to retool the model for the maritime industry.
       • Cybersecurity Evaluation Tool (CSET) is a desktop software tool that guides users through a step-by-step process for basic assessment of the cyber security posture of their industrial control system and enterprise information technology networks. CSET is available for download or in DVD format. To learn more or download a copy, visit http://www.us-cert.gov/control_systems/satool.html. To obtain a DVD copy, send an e-mail with your mailing address to CSET@dhs.gov.

  7. What does this mean to industry?
     • Recommends:
       • Weighing cyber risks into assessments
       • Take advantage of the tools that are available to you
       • Make your concerns known to the Coast Guard and DHS
       • Stay proactive!

  8. Cyber Suspicious Activity/Incident Reporting & Mitigation
     • Report cyber suspicious activity and security incidents (breaches of security) to the NRC at 800-424-8802.
     • Reporting is REQUIRED for incidents meeting the definition in 33 CFR 101.305
       • (a) Notification of suspicious activities.
       • (b) Notification of breaches of security.
       • (c) Notification of transportation security incident (TSI).
     • Industry can seek assistance from US-CERT or ICS-CERT for reducing the opportunity for & mitigating cyber attacks

  9. USCG - MTS Cyber Security
     • Questions?
     • cyberCIP@uscg.mil
