In a program dating back to the March 2015 Maritime Cyber Security Learning Seminar and Symposium held at CCICADA, the center has been the research lead for a university-Coast Guard initiative on maritime cyber security. In this initiative, the USCG poses research challenges and different members of the research community, primarily at universities, take on the challenges. The researchers write white papers dealing with the challenge problems. A meeting is held during which participants break into groups and discuss the white papers, offering suggestions and advice to the authors. In plenary sessions, future research challenges are discussed.
These meetings are by invitation only. Invitees come from universities, government agencies, national labs, the private sector, etc.
Here is a list of the current Research Questions to be discussed at this meeting.
Maritime Cyber Security: Research Questions for Phases IV and V:
Q1: What are the accepted/respected cyber standards in use or in-development, that could be applied to facilities and vessels?
Q1: Additional note - do the identified standards have similar lexicon and follow the NIST Framework?
Q2: Noting that the opening step will be a self-assessment, what are the skills and credentials of credible 3rd parties that the USCG can point to, that would validate cyber plans and assessments for terminals/facilities or vessels?
Q3: How can the Coast guard, or a vessel or facility operator, identify and evaluate potential synergies between cyber and physical vulnerabilities to result in a holistic security assessment - including consequence management?
Q3: Additional note - DHS has been a proponent of 'threat indicator' sharing as a way to minimize sharing of proprietary business information that would cause businesses to be unwilling to share cyber incidents with government and industry partners. How do we socialize and facilitate threat indicator sharing between the maritime industry and other industries?
Q4: What are the minimum elements for/of a cyber assessment that will address elements of vulnerability and consequence for MTSA regulated facilities and vessels?
Q5: How can regulators and industry work together to develop consensus policies that are remain relevant despite rapidly evolving technologies and threats?
Q6: Currently human-in-the-loop redundancies have prevented loss of life or damage to the marine environment as a result of cyber incidents on vessels. For instance: Dynamically positioned vessels have had computer glitches which caused drive-offs but consequences have been mitigated by professional mariners taking manual control within seconds of the drive-off and preventing collisions or emergency break-aways. Given pressures to improve efficiencies and reduce manning, are there certain redundancies, that if they were to be reduced or removed, would result in greater consequences to cyber incidents?
For further information, email James Wojtowicz, CCICADA Managing Director (email@example.com)