Proceedings Of The Marine

44 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings scenarios included injecting invalid AIS data such as posi- tion, course, speed, name, cargo, fag, etc., or creating and modifying aids to navigation entities. 5 Finally, another well documented vulnerability is the vessel Electronic Chart Display and Information System (ECDIS), a computer-based navigation information system used as an alternate to paper nautical charts. 6 While system use is gen- erally restricted, the use of USB sticks, sensor infltration, or intrusion into the vessel's local area network could cause them to be compromised. Vulnerabilities include access to modify ECDIS fles and insert malicious content. Cyber Defenses and Resources The Brookings Institute Policy Paper provided a number of recommendations and conclusions to close the gap in cyber vulnerabilities. One highly underutilized program that all facilities should consider is the Federal Emergency Management Agency's Port Security Grant Program (PSGP). At the time of publication of the Brooking Policy Paper, the PSGP had appropriated more than $2.6 billion, with only just less than $6 million (or 2 percent) of those dol- lars going to directly fund cybersecurity projects. Given the national focus on cybersecurity, the PSGP is a highly recommended program for facility operators to pursue to fund cybersecurity projects. 7 Additional recommendations include conducting cyber- security assessments and response plans. Basic cybersecurity An Electronic Chart Display and Information System. U.S. Coast Guard photo. hygiene needs to become fundamental. Companies should create a culture of awareness and incorporate procedures for strong passwords with consistent changes, prevent the connection of unknown devices and equipment to their sys- tems, and develop education in common-sense practices. Such practices should include not clicking on unknown links or opening suspicious emails. About the author: LCDR Marshall Newberry is a U.S. Coast Guard Academy and Univer sity of Washington graduate. He holds a bachelor's degree and an M.S. in mechanical engineering. He has served the Coast Guard for more than 14 years, most recently in the 11 th District Offce of Inspections and Investi gations, where he provides program oversight and has been instrumental in implementing Coast Guard cybersecurity initiatives throughout California, Arizona, Nevada, and Utah. Endnotes: 1. Fed Approaches to Cyber Security (2013). Available at www.fedcyber.com/fed-cyber- reference-library/federal-approaches-to-cyber-security. 2. Industrial Control Systems Cyber Emergency Response Team. Cyber Threat Source Descriptions. Available at http://ics-cert.us-cert.gov/content/cyber-threat-source- descriptions. 3. Kramek, Joseph, Commander, U.S. Coast Guard, Federal Executive Fellow. (2013). The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities. Center for 21 st Century Security and Intelligence. Foreign Policy at Brookings. Available at www.brookings.edu/research/papers/2013/07/03-cyber-ports-security-kramek. 4. Todd Humphreys' Research Team Demonstrates First Successful GPS Spoofng of UAV. Available at www.ae.utexas.edu/news/features/todd-humphreys-research-team- demonstrates-frst-successful-gps-spoofng-of-uav. 5. Trend Micro Warns of Vulnerabilities in Global Vessel Tracking Systems. 2013 Press Release. Available at http://apac.trendmicro.com/apac/about-us/newsroom/ releases/articles/20131022085503.html. 6. Dyryavyy, Yevgen (2014). Preparing for Cyber Battleships — Electronic Chart Display and Information System Security. NCC Group. Available at www.nccgroup.com/ en/learning-and-research-centre/white-papers/preparing-for-cyber-battleships- electronic-chart-display-and-information-system-security. 7. Kramek, Joseph, Commander, U.S. Coast Guard, Federal Executive Fellow. (2013). The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities. Center for 21st Century Security and Intelligence. Foreign Policy at Brookings. Available at www.brookings.edu/research/papers/2013/07/03-cyber-ports-security-kramek. For more information: The Coast Guard has developed a cybersecurity page on homeport. Access via www.homeport. uscg.mil and click on "cybersecurity" on the left side of the page. Additionally, a Homeport cybersecurity community has been developed for real-time information sharing. Directions for joining are on the Web page above.

• G3PMSS_Z1
• G3PMSS_Z2
• G3PMSS_blank
• G3PMSS_1
• G3PMSS_2
• G3PMSS_3
• G3PMSS_4
• G3PMSS_5
• G3PMSS_6
• G3PMSS_7
• G3PMSS_8
• G3PMSS_9
• G3PMSS_10
• G3PMSS_11
• G3PMSS_12
• G3PMSS_13
• G3PMSS_14
• G3PMSS_15
• G3PMSS_16
• G3PMSS_17
• G3PMSS_18
• G3PMSS_19
• G3PMSS_20
• G3PMSS_21
• G3PMSS_22
• G3PMSS_23
• G3PMSS_24
• G3PMSS_25
• G3PMSS_26
• G3PMSS_27
• G3PMSS_28
• G3PMSS_29
• G3PMSS_30
• G3PMSS_31
• G3PMSS_32
• G3PMSS_33
• G3PMSS_34
• G3PMSS_35
• G3PMSS_36
• G3PMSS_37
• G3PMSS_38
• G3PMSS_39
• G3PMSS_40
• G3PMSS_41
• G3PMSS_42
• G3PMSS_43
• G3PMSS_44
• G3PMSS_45
• G3PMSS_46
• G3PMSS_47
• G3PMSS_48
• G3PMSS_49
• G3PMSS_50
• G3PMSS_51
• G3PMSS_52
• G3PMSS_53
• G3PMSS_54
• G3PMSS_55
• G3PMSS_56
• G3PMSS_57
• G3PMSS_58
• G3PMSS_59
• G3PMSS_60
• G3PMSS_61
• G3PMSS_62
• G3PMSS_63
• G3PMSS_64
• G3PMSS_65
• G3PMSS_66
• G3PMSS_67
• G3PMSS_68
• G3PMSS_69
• G3PMSS_70
• G3PMSS_71
• G3PMSS_72
• G3PMSS_73
• G3PMSS_74
• G3PMSS_75
• G3PMSS_76
• G3PMSS_77
• G3PMSS_78
• G3PMSS_79
• G3PMSS_80
• G3PMSS_81
• G3PMSS_82
• G3PMSS_83
• G3PMSS_84
• G3PMSS_85
• G3PMSS_86
• G3PMSS_87
• G3PMSS_88
• G3PMSS_89
• G3PMSS_90
• G3PMSS_91
• G3PMSS_92