Describing Maritime Cyber Workroles Using the NICE Framework & Taking MITRE ATT&CK to Sea

Describing Maritime Cyber Workroles Using the NICE Framework: Abstract

The 2020 National Maritime Cybersecurity Plan calls for the “Creation of a Maritime Cybersecurity Workforce” to address the operational technology-centric challenges facing the maritime transportation system. Many maritime organizations have been trying to develop position descriptions and workforce development programs for cybersecurity positions based primarily on traditional cybersecurity professions. An interagency Tiger Team formed in response to the 2020 Maritime Cybersecurity Plan has instead done an in-depth analysis of existing NICE Framework work roles, identified key gaps in the current edition of the Framework, and drafted an initial set of proposed maritime cyber work roles along with attendant knowledge, skill, and task statements. This presentation will describe the process the interagency team took to develop these draft work roles and their key findings in doing so, and will provide descriptions of each of the recommended work roles for further consideration by public and private sector maritime stakeholders.

Taking MITRE ATT&CK to Sea: Abstract

Using the current version of the MITRE ATT&CK for ICS Framework as a starting point, this presentation considers additional adversary techniques, tactics, and procedures (TTPs) that maritime cyber professionals need to consider when evaluating risks to afloat maritime platforms. A range of TTPs from both ATT&CK for Enterprise and ATT&CK for Mobile are recommended for inclusion in a notional “ATT&CK at Sea” framework. That framework also includes maritime-specific modifications to existing TTPs as well as novel, maritime-specific TTPs that have been recently nominated to MITRE for inclusion in a future version of the ATT&CK framework; these will be explained in depth during this presentation. The material is useful for cybersecurity evaluators and defenders, for cyber threat analysts, and for owner-operators seeking to understand how best to leverage threat frameworks like MITRE ATT&CK to make threat-informed decisions about shipboard network architecture, operations, and resilience.