Post on 24-Feb-2018
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
1/35
Robert Hayes
Senior DirectorMicrosoft Global Cyber Security & Data Protection Group
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
2/35
Presentation Objectives
IntroductionsCyber security context
Cyber security in the maritime sector
Developing cybersecurity maturity
What does success look like?
Characteristics of Successful Organisations
Quick wins
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
3/35
Introductions
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
4/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
5/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
6/35
Context
Organisations cannot ignore the potentialbenefits of emerging technologies
Efficiency savings & effectiveness gains
Dynamic data driven decision making
Context specific data to myriad of devices
Optimise business processes
Understand & predict behaviour
Innovate or go out of business
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
7/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
8/35
Context
However, using these technologies changesyour security environment
A new security model is needed
Concept of perimeter changes
Detection & Response becomes as importanceas Defence
Security exists within and enables an agreedorganizational risk model
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
9/35
Context
Cyber-attacks are growing in scale, scope,and sophistication
Hardware & software are targeted, often in
the supply chainAttackers range from disaffectedemployees, single-issue activists, hobby-
hackers, criminals, terrorists, and nationstates
It is safe to assume that you are a target
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
10/35
Context
Getting it wrong is expensive & can kill yourbusiness
5 % of business-related privacy and securitybreaches result in more $20 million in directcosts and damages
Those costs include legal expenses and legalsettlements, business interruption costs,
investigating and remediating problems, aswell as possibly paying for crisiscommunications and other specialized services
Aon Corp
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
11/35
Context
Just having insurance isnt enoughThe average cost for a breach is $7 million.Yet, the average portion of that cost borne bycyber-risk insurance is just $3 million
If you consider all revenue classes, only 8percent (of U.S. businesses) buy cybercoverage
Aon Corp
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
12/35
Context
This isnt just a data protection & privacyissue
What harm could an attacker do if they
chose to disrupt your infrastructure?Manipulate your connected equipment?
Disrupt GPS & navigation systems
Remotely change the mixing formula in yoursuppliers factory?
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
13/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
14/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
15/35
Cyber Security in the Maritime Sector
The maritime sector is particularlyvulnerable to a successful cyber attack
Reliance on complex embedded systems
Complex hardware & software supply chainwith dependence on remote management
Challenges of achieving skilled 1st, 2nd& 3rd
line supportLack of proximate third party or emergencysupport
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
16/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
17/35
Impact Assessment
Regulators, Markets & Media will judge yourorganization based on:How long it took to detect a breach
How long the attacker had been in the system
& level of access obtainedThe quality of control, monitoring & cyberhygiene measures in place & supported bypolicy
The effectiveness of the response planThe time taken to resume key services
The effectiveness & speed of the post breachcommunication
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
18/35
Impact Assessment
An increasing number of governments,insurance companies & enterprises areestablishing minimum standards of cybersecurity if your organization is to be part of
their supply chain or to seek insuranceOnly 1 in 3 supply chain vendor contractscontain security provisions
Only 1 in 3 supply chain vendors have anysecurity certification or accreditation
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
19/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
20/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
21/35
Developing Cybersecurity Maturity
The key here is to strike the right balanceenabling your organization to exploit thepotential of emerging technologieseffectively & securely?
Most organizations lack the skills at boardlevel to do this effectively & in-house ITalone is not enough
Who is advising you?
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
22/35
Organizations which regularly review cyberthreat & response planning at Board levelare subject to fewer successful attacks, andrespond more effectively when attacked
This is not a technology issue, it is abusiness change issue driven by strategicrisk & organizational imperatives
It has to be enshrined in policy & process tosucceed
Developing Cybersecurity Maturity
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
23/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
24/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
25/35
Attackers ROI = (G x T) (CV + CW)
Goal: increase attacker costs
Cyber Economics
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
26/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
27/35
Assume Breach is the operating principle& systems are tested against this
Situational awareness & assessment informstrategy & operational decision making
Supply chain & dependencies areunderstood & mapped
Coherent & rehearsed dynamic response
planEnshrined in policy, training, and process
Owned & reviewed at Board level
Characteristics of Successful Organisations
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
28/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
29/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
30/35
Reduce the number of privileged adminaccounts to the absolute minimum, reducethe scope of the ones left, and use multi-factor authentication
Patch & Update promptly
Cyberkeel Maritime Sector survey April 2015
37% failure rate
Control physical access to your network &devices and establish gateway identity &health checks for network connections
Quick Wins
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
31/35
Application whitelist
Baseline normal activity on your network& look for outlier behaviour
Have an alternative communication systemready for when you are attacked
Understand who will help you on tactical &
strategic recovery & have the relationshipin place. Have 24/7 contact numbers forkey personnel & vendors
Quick Wins
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
32/35
Most attacks require some user interaction.Writing clear policy, training & educatingstaff, combined with visible sanctions forbreaching policy works!
Quick Wins
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
33/35
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
34/35
The maritime sector is particularlyvulnerable to cyber attack, and theconsequences of a successful attack couldbe more severe than other domains
Organisations in the maritime sector shouldbe treating this as a high priority
The processes of Protect, Detect, Respondare mature in other sectors & will workequally effectively in the maritime sector.
Conclusion
7/25/2019 Understanding & Mitigating Cyber Threats in the Maritime Domain - NATO NMIOTC June 2015
35/35
Robert Hayes
Microsoft Global Cyber Security Group
robert.hayes@microsoft.com
The difficulty lies not in the new ideas,but in escaping from the old ones
John Maynard Keynes1883 - 1946