Identify – Protect – Detect – Respond – Recover
Moving from a reactive to a proactive cyber resilience stance to enable and ensure systems protection, accessibility, reliability and resilience requires addressing cybersecurity from a risk-based approach; assessing maritime-specific cyber risks and interdependencies; expanding beyond the physical aspects of security and safety by integrating cyber to reflect an all-hazards approach; increasing threat, vulnerability and countermeasure solutions information exchange; and adoption and adaption of best practice supported by sustained role-based education.
Maritime and Port Security Cyber Resilience protection efforts require:
- A Public/Private Collaborative Partnership – Cooperation, coordination and a sustainable collaborative infrastructure connecting public/private sector and cross-sector stakeholders…breaking down existing silos and boundaries within and across critical infrastructure sectors.
- Defending Cyberspace – Managing risk, integrating cybersecurity throughout the enterprise including systems planning & acquisition, optimizing intelligence-driven cyber defense, and increasing operational resilience
- Enabling Operations – Recognizing cyberspace as an operational domain, operationalizing resilience by integrating cyber resilience into mission planning and execution, increasing awareness capabilities and intelligence to support cyber operations, and leveraging cyber support to protect operations.
- Protecting Infrastructure – Promoting cyber risk awareness and management, improving risk assessment tools, methodologies and real-time information sharing, reducing vulnerabilities, and incorporating cyber resilience and cyber security role-based training.
- MPS-ISAO Threat Intelligence Reports and Advisories (TLP-Green) are available to “vetted” Maritime & Port critical infrastructure stakeholders.
- The Traffic Light Protocol (TLP) was created by the US Department of Homeland Security (DHS) in order to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. It employs four colors (TLP-Red, TLP-Amber, TLP-Green, and TLP-White) to indicate expected sharing boundaries to be applied by the recipient(s).
- TLP-Green: Sources may use TLP-GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.
- If you are interested in receiving MPS-ISAO TLP-Green Reports and Advisories, please contact MPS-ISAO operations, firstname.lastname@example.org.
- Automated “Actionable” Threat Intelligence Multi-Directional Information Sharing – Threat Indicators, Incidents, Observables, Threat Actors, TTPs, Exploit Targets, Campaigns, and Countermeasure Solutions (STIX/TAXII Compliant). Additional Daily Alerts + Advisories
- Automated Threat Sighting Detection – Managed platform and network appliance to automate detection of community-shared threats and to support participation in the secure and trusted information sharing community.
- Unified real-time communications management (secure response planning, exercising, and incident response) via landline, cell, text, email, secure voice, secure video, mobile app two-way radio communications.
- Advancing Cyber Risk Management – Identifying top risks, tactics/techniques/procedures (TTPs), effective controls, sector differentiation, forecasting, trending and modeling.
- Cyber Risk Assessments (Certification/Accreditation), Cyber Resilience Independent Testing, Modeling & Simulation, Cybersecurity Education, Customizable Virtual Range to Exercise Skills, and resources to support customization to meet specific Maritime organizational requirements.
Cyber resilience is dependent upon opportunities to participate and leverage investments in operationalizing standards and best practices, benefit from collaborative partnerships to transfer knowledge, resource capacity and capability supported by sustainable training.
- Engaging stakeholders to participate with a defining voice to operationalize cyber resilience best practices and standards (US Coast Guard, NIST, Port & Maritime Organizations and Association).
- Strengthening resilience by strategically focusing on people, process and technology
- Aligning with the Business Mission providing a common lexicon, and enabling organizations to easily adopt and adapt guidance into existing policies, processes and procedures
- Leveraging the U.S. Coast Guard Cyber Strategy (June 2015), the NIST Framework for Improving Critical Infrastructure Cybersecurity, the Department of Defense Service Management Framework, IT Service Management (ITSM), additional best practices, lessons learned, and Maritime security and compliance requirements
- Supporting adoption and adaption with tools, templates, resources, technologies, and role-based cyber resilience workforce education (foundational and practitioner)