« CCICADA Working Group Meeting: University/USCG Working Meeting on Maritime Cyber Security
March 07, 2018
Location:
DIMACS Center
Rutgers University
CoRE Building
96 Frelinghuysen Road
Piscataway, NJ 08854
Click here for map.
Organizer(s):
Fred Roberts, DIMACS
Contact(s):
James Wojtowicz, CCICADA
CoRE Building
96 Frelinghuysen Road
Piscataway, NJ 08854
E: wojtowic@dimacs.rutgers.edu
V: 848-445-4576
In a program dating back to the March 2015 Maritime Cyber Security Learning Seminar and Symposium held at CCICADA, the center has been the research lead for a university-Coast Guard initiative on maritime cyber security. In this initiative, the USCG poses research challenges and different members of the research community, primarily at universities, take on the challenges. The researchers write white papers dealing with the challenge problems. A meeting is held during which participants break into groups and discuss the white papers, offering suggestions and advice to the authors. In plenary sessions, future research challenges are discussed.
These meetings are by invitation only. Invitees come from universities, government agencies, national labs, the private sector, etc.
Here is a list of the current Research Questions to be discussed at this meeting.
Maritime Cyber Security: Research Questions for Phases IV and V:
Q1: What are the accepted/respected cyber standards in use or in-development, that could be applied to facilities and vessels?
Q1: Additional note - do the identified standards have similar lexicon and follow the NIST Framework?
Q2: Noting that the opening step will be a self-assessment, what are the skills and credentials of credible 3rd parties that the USCG can point to, that would validate cyber plans and assessments for terminals/facilities or vessels?
Q3: How can the Coast guard, or a vessel or facility operator, identify and evaluate potential synergies between cyber and physical vulnerabilities to result in a holistic security assessment - including consequence management?
Q3: Additional note - DHS has been a proponent of 'threat indicator' sharing as a way to minimize sharing of proprietary business information that would cause businesses to be unwilling to share cyber incidents with government and industry partners. How do we socialize and facilitate threat indicator sharing between the maritime industry and other industries?
Q4: What are the minimum elements for/of a cyber assessment that will address elements of vulnerability and consequence for MTSA regulated facilities and vessels?
Q5: How can regulators and industry work together to develop consensus policies that are remain relevant despite rapidly evolving technologies and threats?
Q6: Currently human-in-the-loop redundancies have prevented loss of life or damage to the marine environment as a result of cyber incidents on vessels. For instance: Dynamically positioned vessels have had computer glitches which caused drive-offs but consequences have been mitigated by professional mariners taking manual control within seconds of the drive-off and preventing collisions or emergency break-aways. Given pressures to improve efficiencies and reduce manning, are there certain redundancies, that if they were to be reduced or removed, would result in greater consequences to cyber incidents?
Attendance at the working group meeting is by invitation only. Invitees come from universities, government agencies, national labs, the private sector, etc.
The working group is presented with additional support and collaboration from the AEGIS project. AEGIS is a EU-US cooperation project in Cybersecurity and Privacy funded by Horizon 2020 EU Framework Programme for Research and Innovation.
Presented in association with the CCICADA Center.