legal and policy issues with maritime cybersecurity
play

Legal and Policy Issues with Maritime Cybersecurity Paula S. - PowerPoint PPT Presentation

Aug 13, 2022 •371 likes •583 views

Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E. Paula.dewitte@tamu.edu Associate Professor of Practice Computer Science & Engineering ENGR 461 October 10, 2017 1 Agenda Maritime assets as

  1. Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E. Paula.dewitte@tamu.edu Associate Professor of Practice Computer Science & Engineering ENGR 461 – October 10, 2017 1

  2. Agenda • Maritime assets as targets for cybersecurity attacks on critical infrastructure • Differentiators between maritime systems and other systems – OT (operational technology) and IT (information technology) • Status of cybersecurity legal and ethical framework • Going forward — what to expect? ENGR 461 – October 10, 2017 2

  3. What is Critical Infrastructure? • Defined by the Patriot Act as: – “ …systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters .“ [42 USC § 5195c(e)] ENGR 461 – October 10, 2017 3

  4. What are the Critical Infrastructure Sectors? • Food and Agriculture Chemical • • Government Facilities • Commercial Facilities • Healthcare & Public • Communications Health Critical Manufacturing • • Information Technology • Dams • Nuclear Reactors, • Defense Industrial Base Materials, & Waste • Emergency Services • Transportation Systems • Energy • Water & Wastewater • Financial Services Systems ENGR 461 – October 10, 2017 4

  5. Unique Maritime Environment • Underlies myriad industries Criticality • Integration of maritime- and land-based logistics chain • – Integration of OT and IT in the supplier chain • Both IT and OT target-rich environments: – Cruise ship: How many passengers/credit card numbers/nationalities? – OT/ICS/Highly automated systems Subject to multiple jurisdictions • ENGR 461 – October 10, 2017 5

  6. Critica ical l Infr fras astr truc ucture ture Attack cks • Who? – Nation-state – Hacktivists – Criminals • How? – Advanced Persistent Threats (APTs) – Synchronized attacks ENGR 461 – October 10, 2017 6

  7. IT Cybersecurity Issues Ransomware • – June 2017: Maersk by the WannaCry NotPetya variant sabotage/ransomware incident, which the company believes cost it as much as $300 million. • Phishing attack – November 2016: Europe’s largest manufacturer or wires and electrical cables, Leoni AG, lost £34 million in a whale attack, when cyber criminals tricked finance staff into transferring money to the wrong bank account. – https://www.maritime-executive.com/blog/cyber-security-at-sea-the-real-threats • General Data Protection Regulation (GDPR) – Extra- extraterritorial jurisdiction – Privacy Impact Assessments (PIA) ENGR 461 – October 10, 2017 7

  8. OT Cybersecurity Issues • Autonomous ships GPS Spoofing • Compromise operational controls • • … ENGR 461 – October 10, 2017 8

  9. Why is this so Difficult? Law always lags technology • – Precedence • Most laws relate to physical (and not electronic) assets • Cybersecurity is risk based • Legal concepts: Jurisdiction and extraterritorial jurisdiction – – Standing – Statute of Limitations – “Foreseeability” – Proving causality Proving damages – – Common law vs statutes – … < etc> • Federal vs states’ laws vs international law • Uncertainly of cyber insurance ENGR 461 – October 10, 2017 9

  10. GDPR • EU response to privacy issues. Several key changes: • – Explicit consent – Right to be forgotten – Privacy by design – 72-Hour breach notification – Differentiate “controller” and “processor” – Requirement for a qualified Data Protection Officer (DPO) – … ENGR 461 – October 10, 2017 10

  11. Applicable Laws, EOs, and PPDs… Federal Laws • – FISMA (Federal Information Security Management Act) under the 2002 Homeland Security Act; Enhanced in 2014 – CISA (Computer Information Sharing Act) or the Cybersecurity Act; 2015 – CFAA (Computer Fraud and Abuse Act) under Comprehensive Crime Control Act 1984 – GLB (Gramm-Leach-Bliley); HIPAA (Health Information Portability and Protection Act) Who governs? • – OMB, NIST, … – Regulatory/guidance agencies vs investigative agencies • Who regulates? – SEC, FTC, … ENGR 461 – October 10, 2017 11

  12. Applicable Laws, EOs, and PPDs… • Presidential Executive Orders – President Obama: • Executive Order 13636: Improving Critical Infrastructure Cybersecurity (February 12, 2013) Paired with PPD-21: Critical Infrastructure Security and Resilience • • Executive Order 13691 Creation of Information Sharing Analysis Organizations (ISAOs) (February 13, 2015) – Started with UT-SA for non-governmental entities • Information Sharing Analysis Centers (ISACs) created EO 12472/PPD-63 (May 22, 1998) – Risk mitigation, incident response, alert and information sharing • Executive Order 13694 (April 1, 2015) “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber- Enabled Activities” – President Trump: • 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure ENGR 461 – October 10, 2017 12

  13. Executive Order 13636/Presidential Directive 21 (February 12, 2013) Develop a technol hnology ogy-neu neutra tral l volun untar tary y cyber ersecurit curity frame mework ork • – NIST Cybersecurity Framework V1 released (February 12, 2014) and revised (April 14, 2018) • Promote and incentivize the adoption of cybersecurity practices • Increase the volume, timeliness and quality of cyber threat information sharing • Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure Explore plore the use of existin ting g regulati ulation on to promote cyber security • → Lacking other standards, U.S. Courts are looking at the NIST Standards as “reasonable” practices and the de facto legal standard ENGR 461 – October 10, 2017 13

  14. Presid sidential ential Polic icy y Directiv ive e 21: Critic ical al Infrast astruc uctu ture re Security ity and nd Resilie esilience nce • Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time • Understand the cascading consequences of infrastructure failures Evaluate and mature the public-private partnership • • Update the National Infrastructure Protection Plan (NIPP) • Develop comprehensive research and development plan ENGR 461 – October 10, 2017 14

  15. The NIST Cyb ybersec secur urity ity Fra ramewor work • Included industry experts who have battled cyber attacks Conducted working groups in conjunction with other standards • organizations Appeals to the best interests of companies & their shareholders • • Considers total supplier chain -- enterprises, suppliers, partners, & customers ENGR 461 – October 10, 2017 15

  16. How Implemented: NIST Cybersecurity Framework United States Coast Guard Draft Navigation and Vessel Inspection Circular No 5-17 • – Define cyber risk management policy – Protection of computer systems – Detection – Response – Recovery • Maps to other laws (e.g., MTSA – Maritime Transportation Security Act) • “ It represents the Coast Guard’s current thinking on this topic and may assist industry, mariners, the general public, and the Coast Guard, as well as other federal and state regulators, in applying statutory and regulatory requirements.” – http://www.iadc.org/wp-content/uploads/2017/10/DRAFT-Cyber-NVIC-05- 17.pdf ENGR 461 – October 10, 2017 16

  17. What Laws May Apply? • International maritime law? GDPR with “extra - territorial jurisdiction” for protecting privacy? • U.S. laws on critical infrastructure? • • And now we have … ENGR 461 – October 10, 2017 17

  18. Why the uncertainty? • Last year – introduction of CFAA ACDC (Active Cyber Defense Certainty) Act – Legalize “hacking back” • National Cyber Strategy (Sept 20, 2018) released by the White House “Defense forward” • – Outside of US networks – Target critical infrastructure – "We will respond offensively as well as defensively." • Actually two strategies released: DoD National Cyber Strategy – • DoD readiness to support offensive operations • Push on the defense supplier chain – Cost + Schedule + Performance → Security + Cost + Schedule + Performance PPD-20 • ENGR 461 – October 10, 2017 18

  19. What’s Ahead? • More regulation. Uncertainty in the U.S. federal courts: • – U.S. federal circuit courts split on important cybersecurity legal issues: • What constitutes “standing?” 3 rd vs 7 th • 11 th Circuit invalidated an FTC order two years after issued • GDPR court cases • ??? ENGR 461 – October 10, 2017 19

  20. ENGR 461 – October 10, 2017 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LIABILITY ISSUES 101 LIABILITY ISSUES 101 The legal information and assistance provided in this

LIABILITY ISSUES 101 LIABILITY ISSUES 101 The legal information and assistance provided in this

PARKS AND RECREATION POLICY AND LEGAL TOOLS FOR A HEALTHIER FUTURE LEGAL TOOLS FOR A HEALTHIER FUTURE LIABILITY ISSUES 101 LIABILITY ISSUES 101 The legal information and assistance provided in this workshop does not constitute legal advice or

515 views • 39 slides
Cybersecurity Status regarding traditional vulnerabilities Some grand

Cybersecurity Status regarding traditional vulnerabilities Some grand

Topics Cybersecurity Status regarding traditional vulnerabilities Some grand challenges IT and counterterrorism Some legal and regulatory issues Ed Lazowska Security in open vs. closed systems IT &amp; Public

301 views • 7 slides
EU Integrated Maritime Policy and the Netherlands EU presidency program Information for the

EU Integrated Maritime Policy and the Netherlands EU presidency program Information for the

EU Integrated Maritime Policy and the Netherlands EU presidency program Information for the MSEG IMP and IMP attachs 20 Januari 2016 EU Integrated Maritime Policy The EU Integrated Maritime Policy seeks to provide a more coherent

357 views • 9 slides
Maritime Cybersecurity: Anticipating, Kate B. Belmont preventing and mitigating a growing threat

Maritime Cybersecurity: Anticipating, Kate B. Belmont preventing and mitigating a growing threat

December 10, 2015 Maritime Cybersecurity: Anticipating, Kate B. Belmont preventing and mitigating a growing threat Blank Rome LLP The Chrysler Building NY, NY 10174 (212) 885-5075 KBelmont@BlankRome.com DISCLAIMER The information

672 views • 38 slides
So What If We Are All Getting Older? Legal and Policy Issues in Aging By: Roger Manus Director,

So What If We Are All Getting Older? Legal and Policy Issues in Aging By: Roger Manus Director,

10/26/2017 So What If We Are All Getting Older? Legal and Policy Issues in Aging By: Roger Manus Director, Senior Law Clinic Campbell University, School of Law Demographic Context (aka Silver Tsunami) # of adults over 65 will increase

396 views • 15 slides
Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security

Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security

Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security of the space activities Avv. Francesco Amicucci Thales Alenia Space Italia S.p.A., Rome, Italy 1 Cybersecurity The state of being protected

589 views • 31 slides
Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda

Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda

Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a breach The role of the

207 views • 19 slides
The Grass Isnt Always The Grass Isn t Always Greener: Legal Issues for Greener: Legal Issues

The Grass Isnt Always The Grass Isn t Always Greener: Legal Issues for Greener: Legal Issues

The Grass Isnt Always The Grass Isn t Always Greener: Legal Issues for Greener: Legal Issues for Insurers of Vehicles Post Legalization Jim Tomlinson Partner A New Legislative Landscape Federal legislation passed on June 21, 2018:

510 views • 22 slides
The Legal Framework relating to Security in the Ports of Nautical Tourism 2 nd ADRIATIC MARITIME

The Legal Framework relating to Security in the Ports of Nautical Tourism 2 nd ADRIATIC MARITIME

The Legal Framework relating to Security in the Ports of Nautical Tourism 2 nd ADRIATIC MARITIME LAW CONFERENCE, May 2017, Opatija, Croatia Assistant Professor Mio Mudri Department for Maritime and Transport Law, Faculty of Law, University

142 views • 10 slides
What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal Framework For Cybersecurity Compliance How Are Organizations Getting Hacked Oops, you clicked on the link. Now what? Best Practices and

1.09k views • 36 slides
Legal Update Legal Update Legal Update Legal Update Title Issues Conveyances of causes of

Legal Update Legal Update Legal Update Legal Update Title Issues Conveyances of causes of

Legal Update Legal Update Legal Update Legal Update Title Issues Conveyances of causes of action Injury occurred before Plaintiff owned the property Prior owners did not convey the cause of action in deed Discovery Rule

437 views • 18 slides
1 Maritime Piracy A global threat 2 Source: International Maritime Bureau Piracy Defined

1 Maritime Piracy A global threat 2 Source: International Maritime Bureau Piracy Defined

A Presentation on Indias efforts in providing a Domestic Legal Framework to address Maritime Piracy Vishwesh Negi Director, Ministry of External Affairs 03 March 2015 Tokyo 1 Maritime Piracy A global threat 2 Source: International

518 views • 20 slides
EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU Cybersecurity European policy overview e-IRG e-IRG 4 December 2019 Brussels Anni Hellman, Senior Expert, Permanent Representation of Finland to the European Union Seconded for the Finnish Presidency from the Directorate General

320 views • 28 slides
State Capitalism and the Chinese Firm: Legal and Policy Issues Curtis J. Milhaupt Columbia Law

State Capitalism and the Chinese Firm: Legal and Policy Issues Curtis J. Milhaupt Columbia Law

State Capitalism and the Chinese Firm: Legal and Policy Issues Curtis J. Milhaupt Columbia Law School Lin &amp; Milhaupt, Stanford Law Review (2013) Milhaupt &amp; Zheng, Georgetown Law Journal (2015) Milhaupt, in Cambridge Univ. Press

513 views • 24 slides
A Legal Framework for Cybersecurity Deirdre K. Mulligan Fred B. Schneider School of Information

A Legal Framework for Cybersecurity Deirdre K. Mulligan Fred B. Schneider School of Information

A Legal Framework for Cybersecurity Deirdre K. Mulligan Fred B. Schneider School of Information Computer Science UC Berkeley Cornell University Outline of Talk Brief background Why shift in legal framework is appropriate

764 views • 27 slides
Smart Factories, Dumb Policy? Prof. Scott Shackelford JD, PhD IU Cybersecurity Risk Management

Smart Factories, Dumb Policy? Prof. Scott Shackelford JD, PhD IU Cybersecurity Risk Management

Smart Factories, Dumb Policy? Prof. Scott Shackelford JD, PhD IU Cybersecurity Risk Management Multidisciplinary Program (Law, Secure Computing, &amp; Business) Built on IUs Cybersecurity Certificates Applied Cybersecurity Risk

391 views • 21 slides
North Carolina Cybersecurity Awareness Month (NCSAM) Maria S. Thompson State Chief Risk

North Carolina Cybersecurity Awareness Month (NCSAM) Maria S. Thompson State Chief Risk

North Carolina Cybersecurity Awareness Month (NCSAM) Maria S. Thompson State Chief Risk Officer WHY CYBERSECURITY AWARENESS IS CRITICAL https://www.youtube.com/watch?v=Ru0y5rCETqc&amp;feature=youtu.be AGENDA 0900 09:45 Opening

342 views • 9 slides
Understanding Federal Circuit Scrutiny To Date THURSDAY, MARCH 30, 2017 1pm Eastern | 12pm

Understanding Federal Circuit Scrutiny To Date THURSDAY, MARCH 30, 2017 1pm Eastern | 12pm

Presenting a live 90-minute webinar with interactive Q&amp;A Latest PTAB Decisions: Leveraging Trends in Institution and Final Written Decisions, Understanding Federal Circuit Scrutiny To Date THURSDAY, MARCH 30, 2017 1pm Eastern | 12pm

1.07k views • 95 slides
Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security in a Wireless World Basic

554 views • 30 slides
United States Court of Appeals for the Federal Circuit ______________________ JOHN C. BRISBIN,

United States Court of Appeals for the Federal Circuit ______________________ JOHN C. BRISBIN,

N OTE : This disposition is nonprecedential. United States Court of Appeals for the Federal Circuit ______________________ JOHN C. BRISBIN, DBA CONSTRUCTION DEVELOPMENT SYSTEMS, Plaintiff-Appellant v. UNITED STATES , Defendant-Appellee

246 views • 10 slides
#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

2/28/2019 #Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS Manager, City of Frisco How frequently are local governments under cyberattack? 70 60 50 40 30 20 10 0 Hourly or more At least

437 views • 18 slides
Cyber Security Threats y y Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS

Cyber Security Threats y y Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS

Cyber Security Threats y y Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS President and CEO CIS President and CEO MS ISAC Chair 2.6 Billion Internet Users 2.6 Billion Internet Users 1% Asia 44% 3% 6% Europe 22 7% Europe

972 views • 64 slides
National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA)

National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA)

National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Director John Murphy Virginia Tech Science &amp; Technology &amp; Policy Leadership Seminar Series October 9, 2014 National Protection and Programs

374 views • 20 slides
Beazley Breach Response Select p g Making the connection on data breach complexities P

Beazley Breach Response Select p g Making the connection on data breach complexities P

1 Making the connection on data breach complexities Beazley Breach Response Select p g Making the connection on data breach complexities P Presented by d b Jeffrey Norton underwriter Jeffrey Norton, underwriter, Beazley US Private

533 views • 25 slides

More recommend