33
Winter 2014 – 2015 Proceedings
www.uscg.mil/proceedings
A seaport is part of a complex mari-
time transportation system with many
types of assets, operations, and infra-
structure as well as a widely diverse
set of stakeholders. These components
share critical interfaces with each other
and are often a part of a computerized
network. The seaport security regime
should likewise be built upon layers
of protection and a defense-in-depth
strategy that effectively mitigates criti-
cal system security risks, while pre-
serving the functionality and effciency
of the seaport. All port stakeholders
must work together to improve seaport
cybersecurity awareness, mitigation,
response, and recovery.
About the authors:
Mr. Xiuwen Liu is a computer science professor at Florida State University.
His research interests include developing novel ways to secure cyber/physical
systems and critical infrastructures and to detect zeroday exploits.
Mr. Mike Burmester is a computer science professor at Florida State Univer
sity and director of the Center for Security and Assurance in IT. After more
than 30 years of research and teaching, he joined the FSU faculty and has
more than 120 publications on security topics, including privacy/anonymity,
pervasive/ubiquitous systems, and cybersecurity.
Mr. W. Owen Redwood is a vulnerability researcher and Ph.D. student at
Florida State University. He teaches students to fnd and disclose zero-day
vulnerabilities in one of the nation's leading classes on offense/defense secu
rity. Owen's research interests are zeroday vulnerabilities, exploit develop
ment, critical infrastructure, and security visualization.
Mr. Fred Wilder, USCG Ret., spent 27 years as an offcer in the U.S. Coast
Guard. After being selected for Atlantic Area chief of staff, he retired to move
into the commercial business world and currently works as a maritime tech
nology and port security consultant.
Mr. Judd Butler holds an M.S. in educational psychology and learning sys
tems from Florida State University where he worked for 10 years as an asso
ciate in research and project manager. He has 18 years of experience as an
instructional designer and performance improvement consultant.
Endnotes:
1.
See http://heartbleed.com/.
2.
Control Systems Security the Protection of National Infrastructure (CPNI). Available
at http://ics-cert.us-cert.gov/sites/default/files/documents/Cyber_Security _
Assessments_of_Industrial_Control_Systems.pdf.
3.
L. Bilge and T. Dumitras. Before we knew it: an empirical study of zeroday attacks in
the real world. Proceedings, CCS '12 Proceedings of the 2012 ACM conference on
Computer and communication security, pp. 833–844, ACM, 2012. Available at
http://dl.acm.org/citation.cfm?id=2382284.
4.
Available at www.nsa.gov/ia/_fles/factsheets/I43V_Slick_Sheets/SlickSheet_
ApplicationWhitelisting_Standard.pdf.
5.
NIST SP 800-63-2, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.
SP.800-63-2.pdf.
6.
K. Scarfone, T. Grance, and K. Masone. Computer security incident handling guide.
7.
RSA Advanced Threat Intelligence Team, July 20, 2012, https://blogs.rsa.com/lions-
at-the-watering-hole-the-voho-affair/.
8.
McAfee Threats Report: First Quarter 2013. McAfee® Labs.
For more information:
US-CERT website
https://www.us-cert.gov/
and
ICS-CERT website
https://ics-cert.us-cert.gov/
Any networked device associated with the seaport infrastructure is a potential zero-day vulnerability
hotspot. U.S. Coast Guard photo by Petty Offcer Tara Molle.