SeaCurity
Week 0
Problem: “USTRANSCOM lacks
criteria to evaluate the
prevention and resilience to
cyber-attacks of infrastructure at
US strategic seaports.”
Solution: A set of cyber security
standards.
Now
Problem: The lack of a port-
specific framework limits
USTRANSCOM’s ability to
assess cyber resilience on a
national level and prevents
commercial port partners from
efficiently identifying and
prioritizing cybersecurity
actions on the ground.
Solution: A port-specific
framework to assess cyber risk.
97 Interviews
Sponsor: USTRANSCOM
Sponsor Liaison: Col. Matthew Leard
The Team
Roi Chobadi Peter L. Higgins Darren Hau
Mentor Mentor
Benji Nguyen
Public Policy
Health Analytics
2017
Valerie Hau
Computer Science
Graphics
2018
Stanley Xie
Computer
Science AI
2019
Interview Breakdown
97 Interviewees
-Identify possible
vulnerabilities and analyze
the outcomes of these risks
if they are carried through.
-Create protocol for
personnel to follow in the
case of a cyber attack
Military Sponsor:
USTRANSCOM
Civilian/Commercial
Providers and
Contractors
Commercial Shipping
and Warehouse
Companies
Cyber Security Experts
Primary: United States
Armed Forces
Provide increased
efficiency and reliability in
transportation of
personnel and material
Secondary:
Civilian Partners
Increased reliability and
control of day-to-day
operations, improving
efficacy of seaport both
in military and
commercial sectors
Help prevent cyber
attacks:
-Provide clear
understanding of current
system capabilities
-Identify potential security
vulnerabilities
-Evaluate strength of
existing cyber defenses
Help improve resiliency
to cyber-attacks
-Assess possible effects
of a cyber attack
-Reduce response time to
cyber attacks, such as by
training seaport personnel
with a clear response
protocol
Improved understanding of current cyber defenses of U.S.
strategic seaports
Increase resilience of strategic seaports against hostile cyber
activity
-Deploy pilot system at
California port (Oakland,
Los Angeles, San Diego)
Costs:
-Personnel to update and maintain database and/or software system
-Training programs/cost of integration
-Software background will
help understand existing
seaport computer systems
-Contacts with Oakland
seaport will help
understand the needs of
commercial seaport
stakeholders
-Contacts with officers in
Israeli Defense Forces
cyber unit
-Need partnership with a
local military seaport to
understand
USTRANSCOM and the
US Armed Forces’ needs
-Need partnership with a
local commercial seaport
to test and provide
feedback on prototypes
Beneficiaries
Mission Achievement
Mission Budget/Costs
Buy-In/Support
Deployment
Value Proposition
Key Activities
Key Resources
Key Partners
SeaCurity: Week 0 Mission Model Canvas
Primary: United States
Armed Forces
Provide increased efficiency
and reliability in
transportation of personnel
and material
Help prevent cyber
attacks:
-Provide clear
understanding of current
system capabilities
-Identify potential security
vulnerabilities
-Evaluate strength of
existing cyber defenses
Help improve resiliency to
cyber-attacks
-Assess possible effects of
a cyber attack
-Reduce response time to
cyber attacks, such as by
training seaport personnel
with a clear response
protocol
Initial Thoughts (Week 0-1)
This problem space is enormous...
Initial Thoughts (Week 0-1)
It seems like a lot of research has been done already in
cybersecurity!
DHS
Coast
Guard
NIST
Initial Thoughts (Week 0-1)
TRANSCOM lacks a clear understanding of the
consequences of cyber attacks.
-D R Kenerley (TCJ6)
Initial MVP (Week 0-1)
Identification of
critical points
Map of port
facility
Initial Thoughts (Week 0-1)
There is already an existing visualization tool: DAGGER
-D R Kenerley (TCJ6)
Initial Thoughts (Week 0-1)
Commercial partners must also be a primary beneficiary
- Industry Mentors, TRANSCOM, Coast Guard, and SDDC
Primary:
Commercial Port
Manager
Commercial Shipping
Lines Managers
Secondary:
TCCC/SDDC officers
SeaCurity: Week 1 Mission Model Canvas
-Reach out to “hobby
hackers”
-Establish legal and secure
limits for information sharing
-Design clear, easy-to-use,
and secure interface
Military Sponsor:
USTRANSCOM (TCCC
and SDDC Division)
Civilian/Commercial
Providers and
Contractors
Commercial Shipping
and Warehouse
Companies
Commercial Port
Managers/Security
Officers
Improved understanding of current cyber defenses of U.S.
strategic seaports
Increase resilience of strategic seaports against hostile cyber
activity
-Deploy pilot system at
California port (Oakland,
Los Angeles, San Diego)
Costs:
-Personnel to update and maintain database and/or software system
-Training programs/cost of integration
-Software background will
help understand existing
seaport computer systems
-Contacts with Oakland
seaport will help
understand the needs of
commercial seaport
stakeholders
-“Hobby hackers”
-Need partnership with a
local military seaport to
understand
USTRANSCOM and the
US Armed Forces’ needs
-Need partnership with a
local commercial seaport
to test and provide
feedback on prototypes
Beneficiaries
Mission Achievement
Mission Budget/Costs
Buy-In/Support
Deployment
Value Proposition
Key Activities
Key Resources
Key Partners
Low-cost
identification of
vulnerabilities
Increased
awareness of cyber
threat space
Clearer
understanding of
commercial
capabilities
Secondary:
-TCCC/SDDC Officers
Primary:
-Commercial Port Manager
-Commercial Shipping Lines
Manager
Let’s Focus on Commercial Partners (Week 2-3)
MVP II (Week 0-1)
Bug Bounty Platform
It Already Exists?! (Week 2-3)
Red Team/Bug Bounty Platform
Visualization tool
DAGGER
Data Sharing Problem (Week 2-3)
Ports are reluctant to share sensitive info about their
systems…
Herbert Lin (Hoover Institute), TRANSCOM
Visiting the Port of Oakland (Week 4-5)
Cranes
Cargo Mgmt System
Scanning System
Primary:
Secondary:
SeaCurity: Week 3 Mission Model Canvas
-Identify “Critical
Infrastructure” (defining it as
infrastructure that must be
available/operating in order
for ships to come in and out
of port and cargo to be
taken in/shipped out)
-Code up system for
visualizing critical
infrastructure and provide
analysis of potential patches
-Establish legal and secure
limits for information sharing
-Design clear, easy-to-use,
and secure interface
Military Sponsor:
USTRANSCOM (TCCC
and SDDC Division)
Civilian/Commercial
Providers and
Contractors
Commercial Shipping
and Warehouse
Companies
Commercial Port
Managers/Security
Officers
Improved understanding of current cyber defenses of U.S.
strategic seaports
Increase resilience of strategic seaports against hostile cyber
activity
-Deploy pilot system at
California port (Oakland,
Los Angeles, San Diego)
Costs:
-Personnel to update and maintain database and/or software system
-Training programs/cost of integration
-Software background will
help understand existing
seaport computer systems
-Contacts with Oakland
seaport will help
understand the needs of
commercial seaport
stakeholders
-“Hobby hackers”
-Need partnership with a
local military seaport to
understand
USTRANSCOM and the
US Armed Forces’ needs
-Need partnership with a
local commercial seaport
to test and provide
feedback on prototypes
Beneficiaries
Mission Achievement
Mission Budget/Costs
Buy-In/Support
Deployment
Value Proposition
Key Activities
Key Resources
Key Partners
-Quicker baseline
assessment of basic cyber
hygiene
-Allow ports to assess
themselves relative to other
port facilities
-Provide baseline for
common understanding
between commercial and
military representatives
-Allows for baseline platform
for discussion between
commercial and military
organizations
Commercial Port
Security Officer
TCCC-X Officer
SDDC Officer
Mission Assurance
Officer
-Provide General McDew
with better grasp of
cybersecurity assessments
and better understanding of
cybersecurity rankings of
sea ports
- Effective UI/UX distills high
volume of information to
better understand cyber-
vulnerabilities
Coast Guard
- Better understanding
of baseline port
comparisons
Key Activity
-Identify
“Critical
Infrastructure”
Isolating the Pain Point (Week 4-5)
Week 0 Week 1 Week 2 Week 3 Week 4 Week 5
MVP
Idea
Standards?
Visualization?
Bounty platform?
Who are our
beneficiaries?
What frameworks are used now? (Week 4-5)
NIST
Big companies
Small
Businesses
Federal
Agencies
Private
Organizations
SeaCurity
Isolating the Pain Point (Week 4-5)
No port-specific framework baseline.
Isolating the Pain Point (Week 4-5)
Back to Square One!
Isolating the Pain Point (Week 4-5)
Finding a proxy...
MVP III (Week 4-5)
System Low Risk Medium Risk High Risk
Cargo
Management
System
● Software running on
antiquated operating
systems
● Accessible through
network
● Access limited to
central port authority or
terminal operator
● Software running on
antiquated operating
systems
● Accessible through
network
● Shared among multiple
parties
Crane ● Manually operated
● Access limited to
physical presence
● Significant human
intervention during
operation
● Mostly manually
operated
● Connections to other
systems within terminal
or port
● Automated
● High network
connectivity with other
automated systems
● Limited human
intervention
Scanning
System
● Requires human
verification of results
● Access limited to
authorized personnel
● Not connected to
broader network
● Mostly automatic (?)
● Connected to outside
network
A New Path (Week 6-Present)
For TRANSCOM, mission criticality level crucial for framework
to be utilized.
-Elizabeth Durham-Ruiz
(Deputy Director, TCJ-6)
Mission Criticality (Week 6-Present)
System Low Critical Medium Critical High Critical
Cargo
Management
System
● Communication
alternatives and
protocols in place that
would allow for
identification and
processing of military
cargo
● Shutdown of cargo
management stops all
port activities at
terminal
● No alternative method
for identifying military
outload safely and
efficiently
Crane ● Cargo being
transported is RORO
● Separate RORO
terminals available
● Multiple crane facilities
available for military
transport
● Both container and
RORO cargo, but
critical cargo is RORO
● Critical cargo is
container
Scanning
System
● Alternative
communication or
protocol in place for
identification and
verification of military
cargo
● Shutdown prevents
efficient verification
and identification of
military cargo
Mission Criticality (Week 6-Present)
Risk Level
Mission Critical Level
Risk Alleviation
Guidelines
Score
A New Path (Week 6-Present)
Teaching Team: How will our framework be used?
A New Path (Week 6-Present)
USTRANSCOM
TCCC-X
TCJ6
TCJ3
SDDC
Port Authorities
A New Path (Week 6-Present)
“We would like real-time data if possible”
D R Kenerley (TCJ6), Cheryl Hepp (TCJ6)
Breakthrough: MPS-ISAO
MPS-ISAO TRANSCOM
Commercial Port
Authorities
Data
Framework
Data
Breakthrough : MPS-ISAO
MPS-ISAO TRANSCOM SeaCurity
Commercial Port
Authorities
Data
Framework
Data
Primary:
Secondary:
SeaCurity Current: Mission Model Canvas
-Identify “Critical
Infrastructure” (defining it as
infrastructure that must be
available/operating in order
for ships to come in and out
of port and cargo to be
taken in/shipped out)
- Provide general framework
for port cybersecurity and
more specific example of
cargo management system
-Establish legal and secure
limits for information sharing
- Create partnership
between TRANSCOM and
ISAO for valuable data
aggregation and sharing
-Work with TCJ3 and
TCJ6 officials to reach an
agreed-upon framework
-Work with SDDC or DHS
assessment teams to
integrate into an existing
pipeline
Costs:
-Personnel to update and maintain database and/or software system
-Training programs/cost of integration
- ISAO and TRANSCOM
SME
- Terminal Operating
System Software provider
SMEs
-Need partnership with a
local military seaport to
understand
USTRANSCOM and the
US Armed Forces’ needs
-Need agreement of TCJ3
and TCJ6
-SDDC officials must be
willing to work with new
assessment
Beneficiaries
Mission Achievement
Mission Budget/Costs
Buy-In/Support
Deployment
Value Proposition
Key Activities
Key Resources
Key Partners
-Quicker baseline
assessment of basic cyber
hygiene
-Allow ports to assess
themselves relative to other
port facilities
-Provide baseline for
common understanding
between commercial and
military representatives
-Allows for baseline platform
for discussion between
commercial and military
organizations
Commercial Port
Security Officer
TCCC-X Officer
Mission Assurance
Officer
-Provide General McDew
with better grasp of
cybersecurity assessments
and better understanding of
cybersecurity rankings of
sea ports
- Effective UI/UX distills high
volume of information to
better understand cyber-
vulnerabilities
Coast Guard
-Method for baseline
port comparisons
TCJ6 Officer
-Provide a standard for
evaluating and an
incentive to improve
cyber readiness.
See table on next slide
ISAO
-Cooperation with
TRANSCOM and
usage of standards
could provide fruitful
new partnership with
valuable information
Military Sponsor:
USTRANSCOM (TCCC-
x, TCJ6, TCJ3, and
SDDC Division)
Military Partner:
Maritime and Port
Security ISAO
Civilian/Commercial
Providers and
Contractors
Commercial Shipping
and Warehouse
Companies
Commercial Port
Managers/Security
Officers
Primary Beneficiaries:
● TCJ6
● Port Security Officers
● MPS-ISAO
Final MVP (Week 4-5)
Mission Achievement
Beneficiary Mission Achievement
TRANSCOM Improved understanding of cyber readiness at the national level
Commercial Port Security Officer Guidelines for cybersecurity improvements
MPS-ISAO New partnership and new channel to collect data on seaport infrastructure
Internal Readiness Level & Next Steps
1. Refine and submit our framework
with a report detailing our findings
2. Foster partnership between MPS-
ISAO and USTRANSCOM
3. Eventually have TRANSCOM and
MPS-ISAO refine and expand our
framework for integration
Port Infrastructure
Identification
Research of Industry
Standards
Development of
Product
Product Demonstration
and User Feedback
Organizational
Adoption
Product Launch
Acknowledgements
Thank you to the teaching staff, our sponsor at
USTRANSCOM, Col. Leard, our mentors Roi Chobadi
and Peter Higgins, and all our interviewees who have
taken valuable time out of their day to talk with us.
Appendix
Cost Flow Diagram
Initial Refinement by MSEs: $200? Initial Refinement by MSEs: $200?
TRANSCOM MPS-ISAO
Approval Process: $50? Approval Process: $50?
Build into Integrated Platform: $500?
Monthly ISAO Subscription: $50-100/mo
Financial/Operations Timeline
1 month
1 month
1 month
1 month
1 month
1-2 weeks
2-3 months
2-3 months
Indefinitely
SME-? SME- ?
Monthly ISAO Subscription Fee- $50-100/mo
Disperse ISAO Info to Lessees- $0
Build Platform with ISAO- $500
Minimum Viable Product: Framework
Risk Level
Mission Critical Level
(TRANSCOM only)
Risk Alleviation
Guidelines
Score
Path for Integration...
Integrate framework into existing SDDC pipeline
Path for Integration...
Maritime and Port Security Information Sharing and
Analysis Organization (MPS-ISAO)
Procurement Process: Framework
TCCC-x within TRANSCOM requests framework
Approval from TCJ6
Division
Approval from TCJ3
Division
Integration into existing assessment pipeline
H4D team contacted
Framework submitted for review
Refinement by TRANSCOM SME
Integration into data collection pipeline
Framework submitted for review
Refinement by ISAO SME
Path for Integration...
● Currently MPS-ISAO does not have a partnership established
to share information with USTRANSCOM, but are working
towards secure information sharing with commercial port
partners
Christy Coffey (Director of Strategic Alliances, MPS-ISAO)
● USTRANSCOM officials are not aware of MPS-ISAO, but
desire real-time data on cyber risk
Lt. Col. Leard (TCCC-X), Cheryl Hepp (TCJ6), Phil Krueger
(SDDC)
Path for Integration...
Key Partnership Opportunity
Activities Gantt Chart
1 month
1 month
1 month
1 month
1 month
1-2 weeks
2-3 months
2-3 months
Indefinitely
Resources, Partners, Activities
Customer Discovery Outreach Review and Approval Integration Implementation
USTRANSCOM
Seaport Terminal Operators,
Commercial Partners
Maritime and Port
Security ISAO
Maritime
ISAC
Subject Matter Experts,
TCJ-6, TCJ-3
Minimum Viable Product: TRANSCOM
Framework
Risk Level
Mission Critical Level
Risk Alleviation
Guidelines
Score
Minimum Viable Product: ISAO/Commercial
Framework
Risk Level
Risk Alleviation
Guidelines
Score
Minimum Viable Product: Vulnerability Level
Low Risk
● Generally well-established practices
● Follows basic cyber hygiene
● Generally manually operated with high levels of
human intervention/authentication
Medium Risk
● Uses antiquated software, but with good access
control
● Some automation
● Moderate levels of human intervention
High Risk
● Uses antiquated software without good access
control
● High levels of automation
● High connectivity to outside network
● Low levels of human intervention
Things We Learned/Other Feedback
Cargo Management System
Terminal Operating System
Minimum Viable Product: Mission Critical Level
C3
C2
C1
● Minor slowdown
● Capabilities can be easily achieved through
alternative method
● Moderate time delay (hours)
● Capabilities can be achieved with significant
effort (manual, etc)
● Significant time delay (days) or complete
stoppage of goods
● Capabilities cannot be replaced
● Casualties (injuries or death)
Minimum Viable Product: Systems, Mission
System Low Critical Medium Critical High Critical
Cargo
Management
System
● Communication
alternatives and
protocols in place that
would allow for
identification and
processing of military
cargo
● Shutdown of cargo
management stops all
port activities at
terminal
● No alternative method
for identifying military
outload safely and
efficiently
Crane ● Cargo being
transported is RORO
● Separate RORO
terminals available
● Multiple crane facilities
available for military
transport
● Both container and
RORO cargo, but
critical cargo is RORO
● Critical cargo is
container
Scanning
System
● Alternative
communication or
protocol in place for
identification and
verification of military
cargo
● Shutdown prevents
efficient verification
and identification of
military cargo
Old Minimum Viable Product: Systems, Risk
System Low Risk Medium Risk High Risk
Terminal
Operating
System
Crane
Scanning
System
Minimum Viable Product: Systems, Risk
Capability Score
Cyber Hygiene
Automation Level
Network Connectivity
Access Control
Software Support
Point Score
System currently
used in SDDC
assessment (Philip
Krueger, SDDC)
Minimum Viable Product: Systems, Risk
Software
Support
Low Risk Medium Risk High Risk
Software Updates Software updates offered
frequently and are utilized in
timely manner
Available, but updated
infrequently or is not on
most recent version
No longer supported, or
software updates not utilized
Monitoring Software providers or third
parties utilized to provide
monitoring system to detect
anomalies
No monitoring utilized.
Relationship with
Software Provider
Frequent connection with
software provider; software
provider plays active role in
implementation and
maintenance of system
No contact with software
provider since time of
implementation
Minimum Viable Product: Systems, Risk
Considerations
● Is the system native to the port environment (running on port
computers vs cloud-based solution)?
● How do different parties have access to this shared database?
● What is the authentication process for logging into the
dashboard?
● How are updates carried out (through physical visits by software
provider, over the internet)?
Next Steps
1. Talk to both a terminal operating system provider like NAVIS
and a terminal operator at a port to map out attack surfaces.
2. Schedule and facilitate joint meeting between USTRANSCOM
and ISAO to discuss potential possibility of partnership.
Primary:
Secondary:
SeaCurity: Mission Model Canvas
-Identify “Critical
Infrastructure” (defining it as
infrastructure that must be
available/operating in order
for ships to come in and out
of port and cargo to be
taken in/shipped out)
- Provide general framework
for port cybersecurity and
more specific example of
cargo management system
-Establish legal and secure
limits for information sharing
- Create partnership
between TRANSCOM and
ISAO for valuable data
aggregation and sharing
Military Sponsor:
USTRANSCOM (TCCC-
x, TCJ6, TCJ3, and
SDDC Division)
Military Partner:
Maritime and Port
Security ISAO
Civilian/Commercial
Providers and
Contractors
Commercial Shipping
and Warehouse
Companies
Commercial Port
Managers/Security
Officers
-Work with TCJ3 and
TCJ6 officials to reach an
agreed-upon framework
-Work with SDDC or DHS
assessment teams to
integrate into an existing
pipeline
Costs:
-Personnel to update and maintain database and/or software system
-Training programs/cost of integration
- ISAO and TRANSCOM
SME
- Terminal Operating
System Software provider
SMEs
-Need partnership with a
local military seaport to
understand
USTRANSCOM and the
US Armed Forces’ needs
-Need agreement of TCJ3
and TCJ6
-SDDC officials must be
willing to work with new
assessment
Beneficiaries
Mission Achievement
Mission Budget/Costs
Buy-In/Support
Deployment
Value Proposition
Key Activities
Key Resources
Key Partners
-Quicker baseline
assessment of basic cyber
hygiene
-Allow ports to assess
themselves relative to other
port facilities
-Provide baseline for
common understanding
between commercial and
military representatives
-Allows for baseline platform
for discussion between
commercial and military
organizations
Commercial Port
Security Officer
TCCC-X Officer
SDDC Officer
Mission Assurance
Officer
-Provide General McDew
with better grasp of
cybersecurity assessments
and better understanding of
cybersecurity rankings of
sea ports
- Effective UI/UX distills high
volume of information to
better understand cyber-
vulnerabilities
Coast Guard
-Method for baseline
port comparisons
TCJ6 Officer
-Provide a standard for
evaluating and an
incentive to improve
cyber readiness.
See table on previous slide
ISAO
-Cooperation with
TRANSCOM and
usage of standards
could provide fruitful
new partnership with
valuable information
Deployment Timeline
1 week 2 weeks 2-3 weeks
Framework
Integration
6 months - 1 year (?)
Awareness
Interest
Consideration
Adoption
Keep
Referrals
Cross-sell
Up-Sell
Un-Bundle
Get Keep Grow
● Awareness: Problem sponsor LTC Leard @
USTRANSCOM recognizes need for better characterization
of cyber-risk at US Seaports
● Interest: Discussed problem/proposed MVPs with various
possible beneficiaries including ports, shipping lines, coast
guard, etc.
● Consideration: Iteratively improving the MVP and
validating features of the product through discussions with
beneficiaries
● Adoption: Put standards into use at various strategic ports
○ Requires buy-in from TCCC-X officers and TCJ6
officers
○ SDDC officers must be able to seamlessly integrate
framework into existing assessment pipeline
Awareness
Interest
Consideration
Adoption
Keep
Referrals
Cross-sell
Up-Sell
Un-Bundle
Get Keep Grow
● Regular customer check-ins and
feedback from ports
● TC sends representatives to each
port to increase engagement and
delegate responsibility
● Maintain updated set of
standards and risk
assessments
● Grow
○ Begin with military and strategic ports
○ Spread potential through Coast Guard contacts to
other commercial seaports
○ Adoption of our standards at all U.S. ports
Supporters, Saboteurs
Supporters
○ Port Security Officer
○ Coast Guard representative: Brian Griffiths
Advocates
○ USTRANSCOM
■ TCJ6: D. R. Kenerley (Chief of Cyber Strategy)
■ TCCC-X (Lt. Col Leard)
Saboteurs
○ Commercial lessees (Maersk, etc)
This Week: TCCC-X Assessment Flow
TCCC-X Officer
TCCC
(General Darren W. McDew)
Wants to be able to assess
ports’ cyber capabilities in
wartime crisis, requests
method for doing so
Reports on new
ideas/research, drafts
speeches and
presentations
TCJ6 Officer
H4D
Mission
Assurance Officer
Requests Assessment Standards
Strategic Ports
Program Manager
(MARAD)
This Week: Ground Assessment Workflow
Mission
Assurance Officer
SDDC Officer
Commercial Port
Security Officer
SDDC Contractor
Coast Guard
Requests
Capabilities
Report
Requests
Cyber
Report
Compile Score Matrix
and Format Report
Accompanies SDDC to
ports (Just started doing
this/Military Ports only)
Joint Cyber
Center Officer
Request Scheduling
Schedules
Schedules
Meets with @
Port Facilities
Participates in
“tabletop exercises”
and “operation
exercises” to
evaluate port
protocol and
response
TCJ6 Officer
Accompanies SDDC
to ports to conduct
cyber research
Commercial
Cyber Company
Conduct port-specific
cyber vulnerability
assessment
= Requested by TCCC-X
This Week: Policy Assessment Workflow
Coast Guard
Strategic Ports
Program Manager
(MARAD)
TCJ6 Officer
= Requested by TCCC-X
Commercial Port
Security Officer
Meet, compile,
and discuss
research and
possible policy
solutions (NPRN)
Create committees
and subcommittees
to research port-
specific
vulnerabilities
TCJ6 Officer: Archetype
● 30-60 years
● Mix of civilian and military
background
● Cyber/Security domain experts
● Concerned with adoption of new
ideas and standards specifically
for security purposes
TCJ6 Officers: Value Proposition Canvas
Products
& Services
Seaport Security
Visualization
-Application offers easy-to-
digest framework for
assessing cyber readiness at
the port level
-Application makes it easier to
evaluate cyber readiness of
ports against each other.
Customer
Jobs
Identify and create
new, better policies
for security for DoD
transport systems
1. No national picture to
understand the port security
status as a whole
2. Ports have widely
different infrastructures and it is
difficult to compare them
Gains
Pains
Gain
Creators
Pain
Relievers
Increased understanding of port
critical infrastructure, easy
accessibility to such info, and the
ability to compare individual
seaports’ cyber readiness.
-Provide basic framework to
understand current systems in
place for critical infrastructure
- Removes need for TCJ6
Officers to manually assess
cyber readiness
-Keep focus on critical
infrastructure that is common
at all ports across the nation
ISAO Official: Archetype
● 20-40 years
● Civilian background
● Maritime domain expertise
● Concerned with adoption of
information sharing platform
ISAO Official: Value Proposition Canvas
Products
& Services
Seaport Security
Visualization
-Framework provides
detailed, port-specific
skeleton to understand the
flow of cyber information at
the national port level
Customer
Jobs
Channel ideas, risk
detection, and
standards between
commercial and
federal spheres
1. Little clarity on port-specific
needs
2. No existing way to connect
with TRANSCOM, a key player
in the maritime transportation
industry
Gains
Pains
Gain
Creators
Pain
Relievers
Good understanding of maritime
domain = ability to effectively collect
and prioritize information sharing
-Framework focuses only on
maritime port infrastructure
-Framework is split into
mission-specific and
commercial-specific sectors
for easy sharing of
information for TRANSCOM
and ISAO
SDDC Engineer: Archetype
● 30-50 years
● Civilian background
● Views role as performing “on
ground” checks based on
concerns identified from higher-up
chain of command
● Concerned with capability of ports
to support wartime military activity
SDDC Engineer: Value Proposition Canvas
-Database of common
systems in place and
corresponding vulnerabilities
= better baseline assessment
of critical infrastructure at
ports Customer
Jobs
Assess capabilities
that can be
provided to military
during wartimes at
port
1. Little domain expertise in
cyber area
2. Have to talk with many
different port and commercial
authorities who have
overlapping jurisdiction at the
port facility
Gains
Pains
Gain
Creators
Pain
Relievers
1. Expedited identification of
vulnerabilities = faster
assessment
2. Better understanding of
critical vulnerabilities in our
seaports
-Database provides
understanding of
vulnerabilities and systems of
interest
- Platform provides baseline
for common understanding
between commercial and
military representatives
Products
& Services
Seaport Security
Visualization
Landlord Port Security Officer: Archetype
● 30-50 years
● Civilian background, may have
industry security experience
● Concerned mostly with keeping
commercial operations flowing
Landlord Port Security Officer: Value Proposition Canvas
-Visualization and Database
of known common system
vulnerabilities = quicker
baseline assessment of basic
cyber hygiene Customer
Jobs
Assess security at
commercial port to
ensure continuous
commercial
business
1. Current solutions are very
high cost
2. Limited understanding of
current capabilities
3. No common platform to
compare and learn from other
ports
Gains
Pains
Gain
Creators
Pain
Relievers
Evaluation of existing cyber
defenses
+ Identification of vulnerabilities
= Safer and more reliable cargo
transport = Better reputation
and more business
- “Big-picture” vulnerabilities
allow ports to assess
themselves relative to other
port facilities
- Effective UI/UX distills high
volume of information to
better understand cyber-
vulnerabilities
Products
& Services
Seaport Security
Visualization
Coast Guard Security Officer: Archetype
● 30-40 years
● Civilian background
● Domain expert for security
measures at specific port at which
he/she is deployed
● Concerned with ensuring safety at
port facility and security of cargo
transport
● Responsible for collecting and
compiling reports on “suspicious
activities” and “security breaches”
Coast Guard Security Officer: Value Proposition Canvas
Products
& Services
Seaport Security
Visualization
-Focuses on “big-picture”
critical infrastructure as a
basic platform for discussion
Customer
Jobs
Ensure the “Safety
and Security” of
personnel and
cargo at portside
facility
1. No existing method to
evaluate ports against each other
2. Given control of cyber
domain, but may not be
technical cyber experts
Gains
Pains
Gain
Creators
Pain
Relievers
Better understanding of baseline
port comparisons = better able to
manage and create security
protocol at specific port
- Enhances Coast Guard port-
specific domain knowledge
with broader port system
visualization
Mission Assurance Officer: Archetype
● 30-50 years
● Civilian background
● Views role as synchronizer of
analysts and contractors
assessing ports “on the ground”
● Concerned mostly with identifying
risks for specific operation
plans/missions
-“Big Picture” visualization
allows for baseline platform for
discussion between commercial
and military organizations
-Increase common
understanding of current
vulnerabilities in critical
infrastructure
Customer
Jobs
Gather information
about capabilities of
facilities and
determine risks for
operation
1. Limited understanding of
current capabilities
2. Have to compile situational
awareness from various
written paper reports
Gains
Pains
Gain
Creators
Pain
Relievers
- Effective UI/UX distills high
volume of information to
better understand cyber-
vulnerabilities
Mission Assurance Officer: Value Proposition Canvas
Developing good communication with
commercial port partners = healthy
relationship with commercial port
partners and better assurance of
reliability of port facilities
Products
& Services
Seaport Security
Visualization
TCCC-X Officers: Archetype
● 20-30 years
● Military background
● May lack maritime domain
expertise due to different military
backgrounds (USAF)
● Concerned with facilitating the
adoption of new ideas that will
support individual division goals
within USTRANSCOM
TCCC-X Officers: Value Proposition Canvas
Products
& Services
Seaport Security
Visualization
-Application identifies
vulnerabilities without adding
another layer of bureaucracy
-Focuses on “big-picture”
critical infrastructure as a
basic platform for discussion
Customer
Jobs
Channel ideas
between
TRANSCOM
divisions and
Commander
1. Little clarity on quality of
existing cyber defenses
2. Ports have widely
different infrastructures and it is
difficult to understand each one
Gains
Pains
Gain
Creators
Pain
Relievers
Good understanding of maritime
domain = increased confidence and
ability to identify and promote
valuable improvements/ideas
-Provide basic framework to
understand current systems in
place for critical infrastructure
- Removes need for TCCC
Officers to have in-depth
grasp of inner workings of
each port
Mission Achievement
Beneficiary: Mission Achievement
TCJ6: Having enough understanding of the cyber-resiliency status of ports at a national level to make systems and protocol that can be deployed at the national level and that will increase the efficacy and security of the national supply chain
TCCC-X: Having enough understanding of the cyber-resiliency status of ports at a national level to portray a holistic overview of the cyber-resiliency status of the national supply chain to TCCC General Darren W. McDew
Coast Guard: Understanding what vulnerabilities exist at a national level that they should be looking for and trying to fix at each port, so they have a better way of ensuring all ports meet a national baseline in cyber security
SDDC: Provide an easier method to create a checklist so that assessment officers can more easily check for cyber risks
Mission Assurance: Have a clear understanding of what cyber vulnerabilities may pose a direct risk to specific mission operations
Commercial Port Officer: Understand how they can improve their own systems based on the status of other ports and on the guidelines/baseline set in place by TRANSCOM
ISAO official: Able to effectively collect data (i.e., provide a checklist and clear categories) based on the priority of critical infrastructure as it relates to the commercial and federal sectors
List of Critical Infrastructure
Columns: Critical Infrastructure / Vulnerabilities / D Category
Breakwater gates
  -
Port Channel
  Vulnerabilities: Blockage of any kind
  D Category: Deny
Power Grid Facilities/Connections
  Vulnerabilities: Failure (have backup generators though)
  D Category: Deny/Degrade
Cargo Movement Systems (e.g. cranes)
  Vulnerabilities: “Closed systems” but could still be vulnerable (Leard: Air Force example)
  D Category: Deny/Degrade/Destroy
RADAR
  Vulnerabilities: Complete failure: have backup systems. Tampering (cybersecurity): can lead to serious problems if not detected (e.g. guiding two ships to collide under low-visibility circumstances)
  D Category: -
Cargo Management System
  Vulnerabilities: Complete failure: paralysis of the terminal. Tampering (cybersecurity): can lead to serious slowdowns of the port or physical security breaches
  D Category: Deny/Degrade
Scanning System
  Vulnerabilities: Shutdown failure: paralysis of the terminal. Tampering: can lead to physical security
  D Category: Deny
Physical
Digital
Procurement Process: Third-Party Partnerships
Company creates/has idea for possible solution
Approach TTILO (Transportation and Technology Industry Liaison Office)
Reject / Accept / More Information Requested
Referral to Subject Matter Expert (TCJ6, TCJ3, or SDDC officer in our case)
Accept / Reject / More Information Requested
Buying division adopts program/product or create CRADA for further work
From http://www.ustranscom.mil/dbw/ttilo/
Procurement Process: Within TRANSCOM
Division within TRANSCOM requests capability/tool
Product made fully available to TRANSCOM and Strategic Seaports
Division within TRANSCOM with capabilities to develop tool contacted
TRANSCOM-specific product submitted back for approval
Third Party
Subscription
Platform
2 weeks 3 weeks 1 month 6 months 3 months

Team Army venture capital - 2021 Technology, Innovation & Great Power Competi...
 
Team Army venture capital - 2021 Technology, Innovation & Great Power Competi...
Team Army venture capital - 2021 Technology, Innovation & Great Power Competi...Team Army venture capital - 2021 Technology, Innovation & Great Power Competi...
Team Army venture capital - 2021 Technology, Innovation & Great Power Competi...
 
Team Catena - 2021 Technology, Innovation & Great Power Competition
Team Catena - 2021 Technology, Innovation & Great Power CompetitionTeam Catena - 2021 Technology, Innovation & Great Power Competition
Team Catena - 2021 Technology, Innovation & Great Power Competition
 
Team Apollo - 2021 Technology, Innovation & Great Power Competition
Team Apollo - 2021 Technology, Innovation & Great Power CompetitionTeam Apollo - 2021 Technology, Innovation & Great Power Competition
Team Apollo - 2021 Technology, Innovation & Great Power Competition
 
Team Drone - 2021 Technology, Innovation & Great Power Competition
Team Drone - 2021 Technology, Innovation & Great Power CompetitionTeam Drone - 2021 Technology, Innovation & Great Power Competition
Team Drone - 2021 Technology, Innovation & Great Power Competition
 
Team Short Circuit - 2021 Technology, Innovation & Great Power Competition
Team Short Circuit - 2021 Technology, Innovation & Great Power CompetitionTeam Short Circuit - 2021 Technology, Innovation & Great Power Competition
Team Short Circuit - 2021 Technology, Innovation & Great Power Competition
 
Team Aurora - 2021 Technology, Innovation & Great Power Competition
Team Aurora - 2021 Technology, Innovation & Great Power CompetitionTeam Aurora - 2021 Technology, Innovation & Great Power Competition
Team Aurora - 2021 Technology, Innovation & Great Power Competition
 
Team Conflicted Capital Team - 2021 Technology, Innovation & Great Power Comp...
Team Conflicted Capital Team - 2021 Technology, Innovation & Great Power Comp...Team Conflicted Capital Team - 2021 Technology, Innovation & Great Power Comp...
Team Conflicted Capital Team - 2021 Technology, Innovation & Great Power Comp...
 
Lecture 8 - Technology, Innovation and Great Power Competition - Cyber
Lecture 8 - Technology, Innovation and Great Power Competition - CyberLecture 8 - Technology, Innovation and Great Power Competition - Cyber
Lecture 8 - Technology, Innovation and Great Power Competition - Cyber
 

Último

Quantitative research methodology and survey design
Quantitative research methodology and survey designQuantitative research methodology and survey design
Quantitative research methodology and survey designBalelaBoru
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudDr. Bruce A. Johnson
 
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.docdieu18
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxHimansu10
 
Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024bsellato
 
The OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita AnandThe OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita AnandDr. Sarita Anand
 
Metabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptxMetabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptxDr. Santhosh Kumar. N
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...Nguyen Thanh Tu Collection
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptxmary850239
 
The basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxThe basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxheathfieldcps1
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...Nguyen Thanh Tu Collection
 
ICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdfICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdfVanessa Camilleri
 
VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfArthyR3
 
DLL Catch Up Friday March 22.docx CATCH UP FRIDAYS
DLL Catch Up Friday March 22.docx CATCH UP FRIDAYSDLL Catch Up Friday March 22.docx CATCH UP FRIDAYS
DLL Catch Up Friday March 22.docx CATCH UP FRIDAYSTeacherNicaPrintable
 
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdfPHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdfSumit Tiwari
 
Alamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxAlamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxDhatriParmar
 
LEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollLEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollDr. Bruce A. Johnson
 
3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptx3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptxmary850239
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacySumit Tiwari
 

Último (20)

Quantitative research methodology and survey design
Quantitative research methodology and survey designQuantitative research methodology and survey design
Quantitative research methodology and survey design
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced Stud
 
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptx
 
Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024
 
The OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita AnandThe OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
 
Metabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptxMetabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx
 
The basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxThe basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
 
ICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdfICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdf
 
VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdf
 
DLL Catch Up Friday March 22.docx CATCH UP FRIDAYS
DLL Catch Up Friday March 22.docx CATCH UP FRIDAYSDLL Catch Up Friday March 22.docx CATCH UP FRIDAYS
DLL Catch Up Friday March 22.docx CATCH UP FRIDAYS
 
ANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research MethodologyANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research Methodology
 
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdfPHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
 
Alamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxAlamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptx
 
LEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollLEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community Coll
 
3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptx3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptx
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
 

Seacurity Hacking for Defense 2017

  • 1. SeaCurity Week 0 Problem: “USTRANSCOM lacks criteria to evaluate the prevention and resilience to cyber-attacks of infrastructure at US strategic seaports.” Solution: A set of cyber security standards. Now Problem: The lack of a port-specific framework limits USTRANSCOM’s ability to assess cyber resilience on a national level and prevents commercial port partners from efficiently identifying and prioritizing cybersecurity actions on the ground. Solution: A port-specific framework to assess cyber risk. 97 Interviews Sponsor: USTRANSCOM Sponsor Liaison: Col. Matthew Leard
  • 2. The Team Roi Chobadi Peter L. Higgins Darren Hau Mentor Mentor Benji Nguyen Public Policy Health Analytics 2017 Valerie Hau Computer Science Graphics 2018 Stanley Xie Computer Science AI 2019
  • 4. -Identify possible vulnerabilities and analyze the outcomes of these risks if they are carried through. -Create protocol for personnel to follow in the case of a cyber attack Military Sponsor: USTRANSCOM Civilian/Commercial Providers and Contractors Commercial Shipping and Warehouse Companies Cyber Security Experts Primary: United States Armed Forces Provide increased efficiency and reliability in transportation of personnel and material Secondary: Civilian Partners Increased reliability and control of day-to-day operations, improving efficacy of seaport both in military and commercial sectors Help prevent cyber attacks: -Provide clear understanding of current system capabilities -Identify potential security vulnerabilities -Evaluate strength of existing cyber defenses Help improve resiliency to cyber-attacks -Assess possible effects of a cyber attack -Reduce response time to cyber attacks, such as by training seaport personnel with a clear response protocol Improved understanding of current cyber defenses of U.S. strategic seaports Increase resilience of strategic seaports against hostile cyber activity -Deploy pilot system at California port (Oakland, Los Angeles, San Diego) Costs: -Personnel to update and maintain database and/or software system -Training programs/cost of integration -Software background will help understand existing seaport computer systems -Contacts with Oakland seaport will help understand the needs of commercial seaport stakeholders -Contacts with officers in Israeli Defense Forces cyber unit -Need partnership with a local military seaport to understand USTRANSCOM and the US Armed Forces’ needs -Need partnership with a local commercial seaport to test and provide feedback on prototypes Beneficiaries Mission Achievement Mission Budget/Costs Buy-In/Support Deployment Value Proposition Key Activities Key Resources Key Partners SeaCurity: Week 0 Mission Model Canvas
  • 5. -Identify possible vulnerabilities and analyze the outcomes of these risks if they are carried through. -Create protocol for personnel to follow in the case of a cyber attack Military Sponsor: USTRANSCOM Civilian/Commercial Providers and Contractors Commercial Shipping and Warehouse Companies Cyber Security Experts Primary: United States Armed Forces Provide increased efficiency and reliability in transportation of personnel and material Secondary: Civilian Partners Increased reliability and control of day-to-day operations, improving efficacy of seaport both in military and commercial sectors Help prevent cyber attacks: -Provide clear understanding of current system capabilities -Identify potential security vulnerabilities -Evaluate strength of existing cyber defenses Help improve resiliency to cyber-attacks -Assess possible effects of a cyber attack -Reduce response time to cyber attacks, such as by training seaport personnel with a clear response protocol Improved understanding of current cyber defenses of U.S. strategic seaports Increase resilience of strategic seaports against hostile cyber activity -Deploy pilot system at California port (Oakland, Los Angeles, San Diego) Costs: -Personnel to update and maintain database and/or software system -Training programs/cost of integration -Software background will help understand existing seaport computer systems -Contacts with Oakland seaport will help understand the needs of commercial seaport stakeholders -Contacts with officers in Israeli Defense Forces cyber unit -Need partnership with a local military seaport to understand USTRANSCOM and the US Armed Forces’ needs -Need partnership with a local commercial seaport to test and provide feedback on prototypes Beneficiaries Mission Achievement Mission Budget/Costs Buy-In/Support Deployment Value Proposition Key Activities Key Resources Key Partners SeaCurity: Week 0 Mission Model Canvas Primary: United States Armed Forces Provide increased efficiency and reliability in transportation of personnel and material Help prevent cyber attacks: -Provide clear understanding of current system capabilities -Identify potential security vulnerabilities -Evaluate strength of existing cyber defenses Help improve resiliency to cyber-attacks -Assess possible effects of a cyber attack -Reduce response time to cyber attacks, such as by training seaport personnel with a clear response protocol
  • 6. Initial Thoughts (Week 0-1) This problem space is enormous...
  • 7. Initial Thoughts (Week 0-1) It seems like a lot of research has been done already in cybersecurity! DHS Coast Guard NIST
  • 8. Initial Thoughts (Week 0-1) TRANSCOM lacks a clear understanding of the consequences of cyber attacks. -D R Kenerley (TCJ6)
  • 9. Initial MVP (Week 0-1) Identification of critical points Map of port facility
  • 10. Initial Thoughts (Week 0-1) There is already an existing visualization tool: DAGGER -D R Kenerley (TCJ6)
  • 11. Initial Thoughts (Week 0-1) Commercial partners must also be a primary beneficiary - Industry Mentors, TRANSCOM, Coast Guard, and SDDC
  • 12. Primary: Commercial Port Manager Commercial Shipping Lines Managers Secondary: TCCC/SDDC officers SeaCurity: Week 1 Mission Model Canvas -Reach out to “hobby hackers” -Establish legal and secure limits for information sharing -Design clear, easy-to-use, and secure interface Military Sponsor: USTRANSCOM (TCCC and SDDC Division) Civilian/Commercial Providers and Contractors Commercial Shipping and Warehouse Companies Commercial Port Managers/Security Officers Improved understanding of current cyber defenses of U.S. strategic seaports Increase resilience of strategic seaports against hostile cyber activity -Deploy pilot system at California port (Oakland, Los Angeles, San Diego) Costs: -Personnel to update and maintain database and/or software system -Training programs/cost of integration -Software background will help understand existing seaport computer systems -Contacts with Oakland seaport will help understand the needs of commercial seaport stakeholders -“Hobby hackers” -Need partnership with a local military seaport to understand USTRANSCOM and the US Armed Forces’ needs -Need partnership with a local commercial seaport to test and provide feedback on prototypes Beneficiaries Mission Achievement Mission Budget/Costs Buy-In/Support Deployment Value Proposition Key Activities Key Resources Key Partners Low-cost identification of vulnerabilities Low-cost identification of vulnerabilities Increased awareness of cyber threat space Clearer understanding of commercial capabilities Secondary: -TCCC/SDDC Officers Primary: -Commercial Port Manager -Commercial Shipping Lines Manager
  • 13. Let’s Focus on Commercial Partners (Week 2-3)
  • 14. MVP II (Week 0-1) Bug Bounty Platform
  • 15. It Already Exists?! (Week 2-3) Red Team/Bug Bounty Platform Visualization tool DAGGER
  • 16. Data Sharing Problem (Week 2-3) Ports are reluctant to share sensitive info about their systems… Herbert Lin (Hoover Institute), TRANSCOM
  • 17. Visiting the Port of Oakland (Week 4-5)
  • 18. Visiting the Port of Oakland (Week 4-5) Cranes Cargo Mgmt System Scanning System
  • 19. Primary: Secondary: SeaCurity: Week 3 Mission Model Canvas -Identify “Critical Infrastructure” (defining it as infrastructure that must be available/operating in order for ships to come in and out of port and cargo to be taken in/shipped out) -Code up system for visualizing critical infrastructure and provide analysis of potential patches -Establish legal and secure limits for information sharing -Design clear, easy-to-use, and secure interface Military Sponsor: USTRANSCOM (TCCC and SDDC Division) Civilian/Commercial Providers and Contractors Commercial Shipping and Warehouse Companies Commercial Port Managers/Security Officers Improved understanding of current cyber defenses of U.S. strategic seaports Increase resilience of strategic seaports against hostile cyber activity -Deploy pilot system at California port (Oakland, Los Angeles, San Diego) Costs: -Personnel to update and maintain database and/or software system -Training programs/cost of integration -Software background will help understand existing seaport computer systems -Contacts with Oakland seaport will help understand the needs of commercial seaport stakeholders -“Hobby hackers” -Need partnership with a local military seaport to understand USTRANSCOM and the US Armed Forces’ needs -Need partnership with a local commercial seaport to test and provide feedback on prototypes Beneficiaries Mission Achievement Mission Budget/Costs Buy-In/Support Deployment Value Proposition Key Activities Key Resources Key Partners -Quicker baseline assessment of basic cyber hygiene -Allow ports to assess themselves relative to other port facilities -Provide baseline for common understanding between commercial and military representatives -Allows for baseline platform for discussion between commercial and military organizations Commercial Port Security Officer TCCC-X Officer SDDC Officer Mission Assurance Officer -Provide General McDew with better grasp of cybersecurity assessments and better understanding of cybersecurity rankings of sea ports - Effective UI/UX distills high volume of information to better understand cyber-vulnerabilities Coast Guard - Better understanding of baseline port comparisons Key Activity -Identify “Critical Infrastructure”
  • 20. Isolating the Pain Point (Week 4-5) Week 0 Week 1 Week 2 Week 3 Week 4 Week 5 MVP Idea Standards? Visualization? Bounty platform?
  • 21. Isolating the Pain Point (Week 4-5) Week 0 Week 1 Week 2 Week 3 Week 4 Week 5 MVP Idea Standards? Visualization? Bounty platform? Who are our beneficiaries?
  • 22. What frameworks are used now? (Week 4-5) NIST
  • 23. What frameworks are used now? (Week 4-5) NIST Big companies Small Businesses Federal Agencies Private Organizations
  • 25. Isolating the Pain Point (Week 4-5) No port-specific framework baseline.
  • 26. Isolating the Pain Point (Week 4-5) Back to Square One!
  • 27. Isolating the Pain Point (Week 4-5) Finding a proxy...
  • 28. MVP III (Week 4-5) System Low Risk Medium Risk High Risk Cargo Management System ● Software running on antiquated operating systems ● Accessible through network ● Access limited to central port authority or terminal operator ● Software running on antiquated operating systems ● Accessible through network ● Shared among multiple parties Crane ● Manually operated ● Access limited to physical presence ● Significant human intervention during operation ● Mostly manually operated ● Connections to other systems within terminal or port ● Automated ● High network connectivity with other automated systems ● Limited human intervention Scanning System ● Requires human verification of results ● Access limited to authorized personnel ● Not connected to broader network ● Mostly automatic (?) ● Connected to outside network
  • 29. A New Path (Week 6-Present) For TRANSCOM, mission criticality level crucial for framework to be utilized. -Elizabeth Durham-Ruiz (Deputy Director, TCJ-6)
  • 30. Mission Criticality (Week 6-Present) System Low Critical Medium Critical High Critical Cargo Management System ● Communication alternatives and protocols in place that would allow for identification and processing of military cargo ● Shutdown of cargo management stops all port activities at terminal ● No alternative method for identifying military outload safely and efficiently Crane ● Cargo being transported is RORO ● Separate RORO terminals available ● Multiple crane facilities available for military transport ● Both container and RORO cargo, but critical cargo is RORO ● Critical cargo is container Scanning System ● Alternative communication or protocol in place for identification and verification of military cargo ● Shutdown prevents efficient verification and identification of military cargo
  • 31. Mission Criticality (Week 6-Present) Risk Level Mission Critical Level Risk Alleviation Guidelines Score
  • 32. A New Path (Week 6-Present) Teaching Team: How will our framework be used?
  • 33. A New Path (Week 6-Present) USTRANSCOM TCCC-X TCJ6 TCJ3 SDDC Port Authorities
  • 34. A New Path (Week 6-Present) “We would like real-time data if possible” D R Kenerley (TCJ6), Cheryl Hepp (TCJ6)
  • 36. Breakthrough: MPS-ISAO MPS-ISAO TRANSCOM Commercial Port Authorities Data Framework Data
  • 37. Breakthrough: MPS-ISAO MPS-ISAO TRANSCOM SeaCurity Commercial Port Authorities Data Framework Data
  • 38. Primary: Secondary: SeaCurity Current: Mission Model Canvas -Identify “Critical Infrastructure” (defining it as infrastructure that must be available/operating in order for ships to come in and out of port and cargo to be taken in/shipped out) - Provide general framework for port cybersecurity and more specific example of cargo management system -Establish legal and secure limits for information sharing - Create partnership between TRANSCOM and ISAO for valuable data aggregation and sharing -Work with TCJ3 and TCJ6 officials to reach an agreed-upon framework -Work with SDDC or DHS assessment teams to integrate into an existing pipeline Costs: -Personnel to update and maintain database and/or software system -Training programs/cost of integration - ISAO and TRANSCOM SME - Terminal Operating System Software provider SMEs -Need partnership with a local military seaport to understand USTRANSCOM and the US Armed Forces’ needs -Need agreement of TCJ3 and TCJ6 -SDDC officials must be willing to work with new assessment Beneficiaries Mission Achievement Mission Budget/Costs Buy-In/Support Deployment Value Proposition Key Activities Key Resources Key Partners -Quicker baseline assessment of basic cyber hygiene -Allow ports to assess themselves relative to other port facilities -Provide baseline for common understanding between commercial and military representatives -Allows for baseline platform for discussion between commercial and military organizations Commercial Port Security Officer TCCC-X Officer Mission Assurance Officer -Provide General McDew with better grasp of cybersecurity assessments and better understanding of cybersecurity rankings of sea ports - Effective UI/UX distills high volume of information to better understand cyber-vulnerabilities Coast Guard -Method for baseline port comparisons TCJ6 Officer -Provide a standard for evaluating and an incentive to improve cyber readiness. See table on next slide ISAO -Cooperation with TRANSCOM and usage of standards could provide fruitful new partnership with valuable information Military Sponsor: USTRANSCOM (TCCC-x, TCJ6, TCJ3, and SDDC Division) Military Partner: Maritime and Port Security ISAO Civilian/Commercial Providers and Contractors Commercial Shipping and Warehouse Companies Commercial Port Managers/Security Officers Primary Beneficiaries: ● TCJ6 ● Port Security Officers ● MPS-ISAO
  • 40. Mission Achievement (Beneficiary: Mission Achievement)
      TRANSCOM: Improved understanding of cyber readiness at the national level
      Commercial Port Security Officer: Guidelines for cybersecurity improvements
      MPS-ISAO: New partnership and new channel to collect data on seaport infrastructure
  • 41. Internal Readiness Level & Next Steps 1. Refine and submit our framework with a report detailing our findings 2. Foster partnership between MPS-ISAO and USTRANSCOM 3. Eventually have TRANSCOM and MPS-ISAO refine and expand our framework for integration Port Infrastructure Identification Research of Industry Standards Development of Product Product Demonstration and User Feedback Organizational Adoption Product Launch
  • 42. Acknowledgements Thank you to the teaching staff, our sponsor at USTRANSCOM, Col. Leard, our mentors Roi Chobadi and Peter Higgins, and all our interviewees who have taken valuable time out of their day to talk with us.
  • 44. Cost Flow Diagram Initial Refinement by SMEs: $200? Initial Refinement by SMEs: $200? TRANSCOM MPS-ISAO Approval Process: $50? Approval Process: $50? Build into Integrated Platform: $500? Monthly ISAO Subscription: $50-100/mo
  • 45. Financial/Operations Timeline 1 month 1 month 1 month 1 month 1 month 1-2 weeks 2-3 months 2-3 months Indefinitely SME-? SME- ? Monthly ISAO Subscription Fee- $50-100/mo Disperse ISAO Info to Lessees- $0 Build Platform with ISAO- $500
  • 46. Minimum Viable Product: Framework Risk Level Mission Critical Level (TRANSCOM only) Risk Alleviation Guidelines Score
  • 47. Path for Integration... Integrate framework into existing SDDC pipeline
  • 48. Path for Integration... Maritime and Port Security Information Sharing and Analysis Organization (MPS-ISAO)
  • 49. Procurement Process: Framework TCCC-x within TRANSCOM requests framework Approval from TCJ6 Division Approval from TCJ3 Division Integration into existing assessment pipeline H4D team contacted Framework submitted for review Refinement by TRANSCOM SME Integration into data collection pipeline Framework submitted for review Refinement by ISAO SME
  • 50. Path for Integration... ● Currently MPS-ISAO does not have a partnership established to share information with USTRANSCOM, but is working towards secure information sharing with commercial port partners Christy Coffey (Director of Strategic Alliances, MPS-ISAO) ● USTRANSCOM officials are not aware of MPS-ISAO, but desire real-time data on cyber risk Lt. Col. Leard (TCCC-X), Cheryl Hepp (TCJ6), Phil Krueger (SDDC)
  • 51. Path for Integration... Key Partnership Opportunity
  • 52. Activities Gantt Chart 1 month 1 month 1 month 1 month 1 month 1-2 weeks 2-3 months 2-3 months Indefinitely
  • 53. Resources, Partners, Activities Customer Discovery Outreach Review and Approval Integration Implementation USTRANSCOM Seaport Terminal Operators, Commercial Partners Maritime and Port Security ISAO Maritime ISAC Subject Matter Experts, TCJ-6, TCJ-3
  • 54. Minimum Viable Product: TRANSCOM Framework Risk Level Mission Critical Level Risk Alleviation Guidelines Score
  • 55. Minimum Viable Product: ISAO/Commercial Framework Risk Level Risk Alleviation Guidelines Score
  • 56. Minimum Viable Product: Vulnerability Level. Low Risk: ● Generally well-established practices ● Follows basic cyber hygiene ● Generally manually operated with high levels of human intervention/authentication. Medium Risk: ● Uses antiquated software, but with good access control ● Some automation ● Moderate levels of human intervention. High Risk: ● Uses antiquated software without good access control ● High levels of automation ● High connectivity to outside network ● Low levels of human intervention
  • 57. Things We Learned/Other Feedback Cargo Management System Terminal Operating System
  • 58. Minimum Viable Product: Mission Critical Level. C3: ● Minor slowdown ● Capabilities can be easily achieved through alternative method. C2: ● Moderate time delay (hours) ● Capabilities can be achieved with significant effort (manual, etc). C1: ● Significant time delay (days) or complete stoppage of goods ● Capabilities cannot be replaced ● Casualties (injuries or death)
  • 59. Minimum Viable Product: Systems, Mission System Low Critical Medium Critical High Critical Cargo Management System ● Communication alternatives and protocols in place that would allow for identification and processing of military cargo ● Shutdown of cargo management stops all port activities at terminal ● No alternative method for identifying military outload safely and efficiently Crane ● Cargo being transported is RORO ● Separate RORO terminals available ● Multiple crane facilities available for military transport ● Both container and RORO cargo, but critical cargo is RORO ● Critical cargo is container Scanning System ● Alternative communication or protocol in place for identification and verification of military cargo ● Shutdown prevents efficient verification and identification of military cargo
  • 60. Old Minimum Viable Product: Systems, Risk System Low Risk Medium Risk High Risk Terminal Operating System Crane Scanning System
  • 61. Old Minimum Viable Product: Systems, Risk System Low Risk Medium Risk High Risk Terminal Operating System Crane Scanning System
  • 62. Minimum Viable Product: Systems, Risk Capability Score Cyber Hygiene Automation Level Network Connectivity Access Control Software Support Point Score System currently used in SDDC assessment (Philip Krueger, SDDC)
  • 63. Minimum Viable Product: Systems, Risk Software Support Low Risk Medium Risk High Risk Software Updates Software updates offered frequently and are utilized in timely manner Available, but updated infrequently or is not on most recent version No longer supported, or software updates not utilized Monitoring Software providers or third parties utilized to provide monitoring system to detect anomalies No monitoring utilized. Relationship with Software Provider Frequent connection with software provider; software provider plays active role in implementation and maintenance of system No contact with software provider since time of implementation
  • 64. Minimum Viable Product: Systems, Risk Considerations ● Is the system native to the port environment (running on port computers vs cloud-based solution)? ● How do different parties have access to this shared database? ● What is the authentication process for logging into the dashboard? ● How are updates carried out (through physical visits by software provider, over the internet)?
  • 65. Next Steps 1. Talk to both a terminal operating system provider like NAVIS and a terminal operator at a port to map out attack surfaces. 2. Schedule and facilitate joint meeting between USTRANSCOM and ISAO to discuss a potential partnership.
  • 66. Primary: Secondary: SeaCurity: Mission Model Canvas -Identify “Critical Infrastructure” (defining it as infrastructure that must be available/operating in order for ships to come in and out of port and cargo to be taken in/shipped out) - Provide general framework for port cybersecurity and more specific example of cargo management system -Establish legal and secure limits for information sharing - Create partnership between TRANSCOM and ISAO for valuable data aggregation and sharing Military Sponsor: USTRANSCOM (TCCC-x, TCJ6, TCJ3, and SDDC Division) Military Partner: Maritime and Port Security ISAO Civilian/Commercial Providers and Contractors Commercial Shipping and Warehouse Companies Commercial Port Managers/Security Officers -Work with TCJ3 and TCJ6 officials to reach an agreed-upon framework -Work with SDDC or DHS assessment teams to integrate into an existing pipeline Costs: -Personnel to update and maintain database and/or software system -Training programs/cost of integration - ISAO and TRANSCOM SME - Terminal Operating System Software provider SMEs -Need partnership with a local military seaport to understand USTRANSCOM and the US Armed Forces’ needs -Need agreement of TCJ3 and TCJ6 -SDDC officials must be willing to work with new assessment Beneficiaries Mission Achievement Mission Budget/Costs Buy-In/Support Deployment Value Proposition Key Activities Key Resources Key Partners -Quicker baseline assessment of basic cyber hygiene -Allow ports to assess themselves relative to other port facilities -Provide baseline for common understanding between commercial and military representatives -Allows for baseline platform for discussion between commercial and military organizations Commercial Port Security Officer TCCC-X Officer SDDC Officer Mission Assurance Officer -Provide General McDew with better grasp of cybersecurity assessments and better understanding of cybersecurity rankings of sea ports - Effective UI/UX distills high volume of information to better understand cyber-vulnerabilities Coast Guard -Method for baseline port comparisons TCJ6 Officer -Provide a standard for evaluating and an incentive to improve cyber readiness. See table on previous slide ISAO -Cooperation with TRANSCOM and usage of standards could provide fruitful new partnership with valuable information
  • 67. Deployment Timeline 1 week 2 weeks 2-3 weeks Framework Integration 6 months - 1 year (?)
  • 68. Awareness Interest Consideration Adoption Keep Referrals Cross-sell Up-Sell Un-Bundle Get Keep Grow ● Awareness: Problem sponsor LTC Leard @ USTRANSCOM recognizes need for better characterization of cyber-risk at US Seaports ● Interest: Discussed problem/proposed MVPs with various possible beneficiaries including ports, shipping lines, coast guard, etc. ● Consideration: Iteratively improving the MVP and validating features of the product through discussions with beneficiaries ● Adoption: Put standards into use at various strategic ports ○ Requires buy-in from TCCC-X officers and TCJ6 officers ○ SDDC officers must be able to seamlessly integrate framework into existing assessment pipeline
  • 69. Awareness Interest Consideration Adoption Keep Referrals Cross-sell Up-Sell Un-Bundle Get Keep Grow ● Regular customer check-ins and feedback from ports ● TC sends representatives to each port to increase engagement and delegate responsibility ● Maintain updated set of standards and risk assessments
  • 70. Awareness Interest Consideration Adoption Keep Referrals Cross-sell Up-Sell Un-Bundle Get Keep Grow ● Grow ○ Begin with military and strategic ports ○ Spread potential through Coast Guard contacts to other commercial seaports ○ Adoption of our standards at all U.S. ports
  • 71. Supporters, Saboteurs Supporters ○ Port Security Officer ○ Coast Guard representative: Brian Griffiths Advocates ○ USTRANSCOM ■ TCJ6: D. R. Kenerley (Chief of Cyber Strategy) ■ TCCC-X (Lt. Col. Leard) Saboteurs ○ Commercial lessees (Maersk, etc)
  • 72. This Week: TCCC-X Assessment Flow TCCC-X Officer TCCC (General Darren W. McDew) Wants to be able to assess ports’ cyber capabilities in wartime crisis, requests method for doing so Reports on new ideas/research, drafts speeches and presentations TCJ6 Officer H4D Mission Assurance Officer Requests Assessment Standards Strategic Ports Program Manager (MARAD)
  • 73. This Week: Ground Assessment Workflow Mission Assurance Officer SDDC Officer Commercial Port Security Officer SDDC Contractor Coast Guard Requests Capabilities Report Requests Cyber Report Compile Score Matrix and Format Report Accompanies SDDC to ports (Just started doing this/Military Ports only) Joint Cyber Center Officer Request Scheduling Schedules Schedules Meets with @ Port Facilities Participates in “tabletop exercises” and “operation exercises” to evaluate port protocol and response TCJ6 Officer Accompanies SDDC to ports to conduct cyber research Commercial Cyber Company Conduct port-specific cyber vulnerability assessment = Requested by TCCC-X
  • 74. This Week: Policy Assessment Workflow Coast Guard Strategic Ports Program Manager (MARAD) TCJ6 Officer = Requested by TCCC-X Commercial Port Security Officer Meet, compile, and discuss research and possible policy solutions (NPRN) Create committees and subcommittees to research port-specific vulnerabilities
  • 75. TCJ6 Officer: Archetype ● 30-60 years ● Mix of civilian and military background ● Cyber/Security domain experts ● Concerned with adoption of new ideas and standards specifically for security purposes
  • 76. TCJ6 Officers: Value Proposition Canvas Products & Services Seaport Security Visualization -Application offers easy-to-digest framework for assessing cyber readiness at the port level -Application makes it easier to evaluate cyber readiness of ports against each other. Customer Jobs Identify and create new, better policies for security for DoD transport systems 1. No national picture to understand the port security status as a whole 2. Ports have widely different infrastructures and it is difficult to compare them Gains Pains Gain Creators Pain Relievers Increased understanding of port critical infrastructure, easy accessibility to such info, and the ability to compare individual seaports’ cyber readiness. -Provide basic framework to understand current systems in place for critical infrastructure - Removes need for TCJ6 Officers to manually assess cyber readiness -Keep focus on critical infrastructure that is common at all ports across the nation
  • 77. ISAO Official: Archetype ● 20-40 years ● Civilian background ● Maritime domain expertise ● Concerned with adoption of information sharing platform
  • 78. ISAO Official: Value Proposition Canvas Products & Services Seaport Security Visualization -Framework provides detailed, port-specific skeleton to understand the flow of cyber information at the national port level Customer Jobs Channel ideas, risk detection, and standards between commercial and federal spheres 1. Little clarity on port-specific needs 2. No existing way to connect with TRANSCOM, a key player in the maritime transportation industry Gains Pains Gain Creators Pain Relievers Good understanding of maritime domain = ability to effectively collect and prioritize information sharing -Framework focuses only on maritime port infrastructure -Framework is split into mission-specific and commercial-specific sectors for easy sharing of information for TRANSCOM and ISAO
  • 79. SDDC Engineer: Archetype ● 30-50 years ● Civilian background ● Views role as performing “on ground” checks based on concerns identified from higher-up chain of command ● Concerned with capability of ports to support wartime military activity
  • 80. SDDC Engineer: Value Proposition Canvas -Database of common systems in place and corresponding vulnerabilities = better baseline assessment of critical infrastructure at ports Customer Jobs Assess capabilities that can be provided to military during wartimes at port 1. Little domain expertise in cyber area 2. Have to talk with many different port and commercial authorities who have overlapping jurisdiction at the port facility Gains Pains Gain Creators Pain Relievers 1. Expedited identification of vulnerabilities = faster assessment 2. Better understanding of critical vulnerabilities in our seaports -Database provides understanding of vulnerabilities and systems of interest - Platform provides baseline for common understanding between commercial and military representatives Products & Services Seaport Security Visualization
  • 81. Landlord Port Security Officer: Archetype ● 30-50 years ● Civilian background, may have industry security experience ● Concerned mostly with keeping commercial operations flowing
  • 82. Landlord Port Security Officer: Value Proposition Canvas -Visualization and Database of known common system vulnerabilities = quicker baseline assessment of basic cyber hygiene Customer Jobs Assess security at commercial port to ensure continuous commercial business 1. Current solutions are very high cost 2. Limited understanding of current capabilities 3. No common platform to compare and learn from other ports Gains Pains Gain Creators Pain Relievers Evaluation of existing cyber defenses + Identification of vulnerabilities = Safer and more reliable cargo transport = Better reputation and more business - “Big-picture” vulnerabilities allow ports to assess themselves relative to other port facilities - Effective UI/UX distills high volume of information to better understand cyber-vulnerabilities Products & Services Seaport Security Visualization
  • 83. Coast Guard Security Officer: Archetype ● 30-40 years ● Civilian background ● Domain expert for security measures at specific port at which he/she is deployed ● Concerned with ensuring safety at port facility and security of cargo transport ● Responsible for collecting and compiling reports on “suspicious activities” and “security breaches”
  • 84. Coast Guard Security Officer: Value Proposition Canvas Products & Services Seaport Security Visualization -Focuses on “big-picture” critical infrastructure as a basic platform for discussion Customer Jobs Ensure the “Safety and Security” of personnel and cargo at portside facility 1. No existing method to evaluate ports to each other 2. Given control of cyber domain, but may not be technical cyber experts Gains Pains Gain Creators Pain Relievers Better understanding of baseline port comparisons = better able to manage and create security protocol at specific port - Enhances Coast Guard port-specific domain knowledge with broader port system visualization
  • 85. Mission Assurance Officer: Archetype ● 30-50 years ● Civilian background ● Views role as synchronizer of analysts and contractors assessing ports “on the ground” ● Concerned mostly with identifying risks for specific operation plans/missions
  • 86. -“Big Picture” visualization allows for baseline platform for discussion between commercial and military organizations -Increase common understanding of current vulnerabilities in critical infrastructure Customer Jobs Gather information about capabilities of facilities and determine risks for operation 1. Limited understanding of current capabilities 2. Have to compile situational awareness from various written paper reports Gains Pains Gain Creators Pain Relievers - Effective UI/UX distills high volume of information to better understand cyber-vulnerabilities Mission Assurance Officer: Value Proposition Canvas Developing good communication with commercial port partners = healthy relationship with commercial port partners and better assurance of reliability of port facilities Products & Services Seaport Security Visualization
  • 87. TCCC-X Officers: Archetype ● 20-30 years ● Military background ● May lack maritime domain expertise due to different military backgrounds (USAF) ● Concerned with facilitating the adoption of new ideas that will support individual division goals within USTRANSCOM
  • 88. TCCC-X Officers: Value Proposition Canvas Products & Services Seaport Security Visualization -Application identifies vulnerabilities without adding another layer of bureaucracy -Focuses on “big-picture” critical infrastructure as a basic platform for discussion Customer Jobs Channel ideas between TRANSCOM divisions and Commander 1. Little clarity on quality of existing cyber defenses 2. Ports have widely different infrastructures and it is difficult to understand each one Gains Pains Gain Creators Pain Relievers Good understanding of maritime domain = increased confidence and ability to identify and promote valuable improvements/ideas -Provide basic framework to understand current systems in place for critical infrastructure - Removes need for TCCC Officers to have in-depth grasp of inner workings of each port
  • 89. Mission Achievement Beneficiary Mission Achievement TCJ6 Having enough understanding of the cyber-resiliency status of ports at a national level to make systems and protocol that can be deployed at the national level that will increase efficacy and security of national supply chain TCCC-x Having enough understanding of the cyber-resiliency status of ports at a national level in order to portray a holistic overview of cyber resiliency status of national supply chain to TCCC General Darren W. McDew Coast Guard Understanding what vulnerabilities exist at a national level that they should be looking for and trying to fix at each port so they have a better way of ensuring all ports meet a national baseline in cyber security SDDC Provide an easier method to create a checklist for assessment officers to more easily check for cyber risks Mission Assurance Have a clear understanding of what cyber vulnerabilities may pose a direct risk to specific mission operations Commercial Port Officer Understand how they can improve their own systems based on status of other ports and based on guidelines/baseline set in place by TRANSCOM ISAO official Able to effectively collect data (i.e., provide a checklist and clear categories) based on priority of critical infrastructure as it relates to commercial and federal sectors
  • 90. List of Critical Infrastructure Critical Infrastructure Vulnerabilities D Category Breakwater gates - Port Channel Blockage of any kind Deny Power Grid Facilities/Connections Failure (have backup generators though) Deny/Degrade Cargo Movement Systems (e.g. cranes) “Closed systems” but could still be vulnerable (Leard: Air Force example) Deny/Degrade/Destroy RADAR Complete failure: have backup systems Tampering (cybersecurity): can lead to serious problems if not detected (e.g. guiding two ships to collide together under low visibility circumstances) - Cargo Management System Complete failure: paralysis of the terminal Tampering (cybersecurity): can lead to serious slowdowns of the port or physical security breaches Deny/Degrade Scanning System Shutdown failure: paralysis of the terminal Tampering: can lead to physical security Deny Physical Digital
  • 91. Procurement Process: Third-Party Partnerships Company creates/has idea for possible solution Approach TTILO (Transportation and Technology Industry Liaison Office) Reject Accept More Information Requested Referral to Subject Matter Expert (TCJ6, TCJ3, or SDDC officer in our case) Accept Reject More Information Requested Buying division adopts program/product or create CRADA for further work From http://www.ustranscom.mil/dbw/ttilo/
  • 92. Procurement Process: Within TRANSCOM Division within TRANSCOM requests capability/tool Product made fully available to TRANSCOM and Strategic Seaports Division within TRANSCOM with capabilities to develop tool contacted TRANSCOM-specific product submitted back for approval
  • 93. Third Party Subscription Platform 2 weeks 3 weeks 1 month 6 months 3 months