United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System.

Transcription

1 United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System

2 Overview Coast Guard Cyber Strategy Cyber Framework (CSF) What does it mean for Industry? Cyber Suspicious Activity/Cyber Incident Reporting Cyber Resources Q & A

3 USCG Cyber Strategy USCG Cyber Strategy has three parts: Computer Network Defense Decision Advantage MTS Cyber

4 USCG Cyber Strategy MTS Cyber incorporates cyber aspects across USCG missions: Assessments Standards Response

5 Cyber Framework (CSF) CSF Consists of established and widely accepted IT industry: Standards Guidelines Best Practices Adoption is NOT mandatory, but PROMOTED by USCG Requires interface between Operations and IT leadership and management to effectively adopt. CSF adoption occurs when an organization uses the framework as a key part of its systematic process to ID, assess, prioritize, and/or communicate cyber risk

6 CSF Adoption Tools Cyber security Assessment Tools Cyber Resiliency Review (CRR) is a DHS assessment tool that measures the implementation of key cyber security capacities and capabilities. The goal of the CRR is to ensure that core process-based capabilities exist, are measureable, and are meaningful as predictors for an organization s ability to manage cyber risk.. For more information about the CRR, contact the DHS Computer Evaluation Program (CSEP) at CSE@dhs.gov. Cybersecurity Capability Maturity Model (C2M2) a self-administered or facilitated mechanism to evaluate, prioritize, and improve cyber security capabilities. The model enables organizations to score their cyber security practices against the model process. Scores are used to determined risk tolerance for each domain and influence organizational efforts to improve scoring thus improving cyber security. This model is based on the electricity subsector s model. Coast Guard is working with the Dept of Energy to retool the model for the maritime industry. Cybersecurity Evaluation Tool (CSET) is a desktop software tool that guides users through a step-by-step process for basic assessment of the cyber security posture of their industrial control system and enterprise information technology networks. CSET is available for download or in DVD format. To learn more or download a copy, visit To obtain a DVD copy, send an with your mailing address to CSET@dhs.gov.

7 What does this mean to industry? Recommends: Weighing cyber risks into assessments Take advantage of the tools that are available to you Make your concerns known to the Coast Guard and DHS Stay proactive!

8 Cyber Suspicious Activity/Incident Reporting & Mitigation Report Cyber suspicious activity and security incidents (breaches of security) to the NRC at or Reporting is REQUIRED for incidents meeting the definition in 33 CFR Industry can seek assistance from US-CERT or ICS-CERT for reducing the opportunity for & mitigating cyber attacks

9 USCG - MTS Cyber Questions? cybermts@uscg.mil