U.S. ARF Maritime Cybersecurity Resources
In response to maritime cyber risk [1], the IMO issued MSC-FAL.1/Circ.3, its guidelines for managing cyber risk [2], and in June 2017 adopted Resolution MSC.428(98) [3], which requires a Cyber Risk Management Plan (CRMP) to be added to vessel Safety Management System (SMS) documentation by January 1, 2021. These requirements draw on BIMCO's The Guidelines on Cyber Security Onboard Ships [4] and the IMO International Safety Management (ISM) Code [5].
Executive Order (EO) 14028 on Improving the Nation's Cybersecurity (May 12, 2021) directs the National Institute of Standards and Technology (NIST) to publish guidelines on vendors' source code testing:
“Section 4(r) Within 60 days of the date of this order, the Secretary of Commerce acting through the Director of NIST, in consultation with the Secretary of Defense acting through the Director of the NSA, shall publish guidelines recommending minimum standards for vendors’ testing of their software source code, including identifying recommended types of manual or automated testing (such as code review tools, static and dynamic analysis, software composition tools, and penetration testing).”
- The Trusted CI Framework Implementation Guide v1.0.pdf
- Trusted CI Framework 16 Musts One Pager.pdf
Cybersecurity Maturity Model Certification (CMMC)
OUSD(A&S), working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and industry, developed the Cybersecurity Maturity Model Certification (CMMC) framework [7].
CMMC Level 1
- Threatpost: https://threatpost.com/feed
- Let's Encrypt - Free SSL/TLS Certificates: https://letsencrypt.org/feed.xml
- Naked Security: https://nakedsecurity.sophos.com/feed
- Deeplinks: https://www.eff.org/rss/updates.xml
- CISA Alerts: https://www.us-cert.gov/ncas/alerts.xml
- CISA Current Activity: https://www.us-cert.gov/ncas/current-activity.xml
- CISA Tips: https://www.us-cert.gov/ncas/tips.xml
- The Hacker News: https://feeds.feedburner.com/TheHackersNews
- Dark Reading: http://www.darkreading.com/rss/all.xml
Security Information and Event Management (SIEM) [15]
Security information and event management (SIEM) is a field within computer security in which software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes. The term and the initialism SIEM were coined by Mark Nicolett and Amrit Williams of Gartner in 2005 [15].
Areas of Security Monitoring
| Service Area | Service Function Description | Solution Examples |
|---|---|---|
| Systems Health Monitoring | Automated monitoring of service availability, capacity, and integrity | https://www.zabbix.com/ |
| Network Traffic Analyzer | Automated analysis of north-south and east-west network traffic patterns, audit trails, and anomaly detection | https://zeek.org/ |
| Intrusion Detection System (IDS) | A device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. | https://suricata-ids.org/ |
| File Integrity Monitoring (FIM) | An internal control or process that validates the integrity of operating system and application software files by comparing the current file state against a known-good baseline | https://en.wikipedia.org/; Virus Scanning |
| Log Analysis | Automated and consolidated collection of system logs, with analysis and detection of anomalous security or systems-health events | https://www.elastic.co/ |
| Regulatory Compliance | Automated detection of regulatory non-compliance events | https://documentation.wazuh. |
| Vulnerability Scanning | Automated detection of known security vulnerabilities through active probing and penetration testing | https://en.wikipedia.org/ |
| Patch Management and Validation | Automated management of validated and current patch levels for production software and hardware firmware. Verification of patch status for each configuration item / asset. | https://en.wikipedia.org/; APT / YUM / NPM / PIP |
| Authentication Event Logging | Automated logging of all user- and host-based authentication events | |
| Data Visualization and Analysis | User interface for quickly querying and visualizing large amounts of data from multiple sources | https:// |
| Infrastructure as Code | Automated integration of system configuration definition, implementation, and documentation. Repeatable, modular, scalable deployment for cyberinfrastructure. | https://www.ansible.com/ |
| Asset Management | Physical, virtual, and digital asset management, with data collection automated as far as possible | https://snipeitapp.com/ |
| Identity Management (IdM) | Source-of-truth identity management database and authentication services | https://incommon.org/; OpenLDAP; Microsoft Active Directory |
- 4 Types of Security Scans Every Organization Should Be Using
- MDR, MSSP, or SIEM-as-a-Service: Which Path Is Best for Your Organization?
Notable Software Solutions
- https://www.sikuliaq.alaska.edu/git/skq/skq-it-am - Sikuliaq IT Asset Management Data Collection Tool
- Snipe-IT - Snipe-IT is open source software. Transparency, security, and oversight are at the heart of everything we do. No vendor lock-in again, ever.
About U.S. ARF
Please see more about UNOLS and the U.S. ARF
Cyberinfrastructure Working Group (CIWG)
The CIWG is a team of loosely federated participants from UNOLS member institutions whose focus is on the shared governance
- Contact: firstname.lastname@example.org
Satellite Network Advisory Group (SatNAG)
SatNAG is a team of technical experts whose mission is:
To steward the objective, effective and efficient use of ship to shore network resources and optimize positive customer experiences for the UNOLS fleet.
Cloning These Docs
git clone https://satnag.unols.org/scm/git/cybersec/arf-cybersec
Point your browser to
- ARF - Academic Research Fleet
- ARF’s designated risk acceptor(s) - TBD
- ARF incident response teams - TBD
- ARF Network - A general term for any ARF Vessel or Institutional Owned / Operated Network segments.
- CISO - Chief Information Security Officer
- CIWG - The U.S. ARF Cyberinfrastructure Working Group provides fleetwide oversight for cyberinfrastructure- and cybersecurity-related issues.
- Cyber Security Plan - A formal set of documentation, policies and procedures focused on delivering defined desired outcomes in regards to all aspects of cybersecurity.
- Cyber Security Policy - A set of policy documents which define permitted, prohibited and required activities in regards to cybersecurity.
- Cyber Security Program - Those activities which take place to implement a Cybersecurity Plan.
- Cyber Security Strategy - TBD
- IP - Intellectual Property
- IP - Internet Protocol
- IT - Information Technology
- NSF - National Science Foundation
- OmniSOC - A security operations center (SOC) that provides trusted and actionable intelligence to higher education institutions.
- OT - Operational Technology; a subset of IT dedicated to integrated feedback and control systems, typically operated and maintained by the crew onboard research vessels. OT systems may or may not be connected to internal networks or the Internet. (Necessary for the safe operation of a vessel; permanently installed on the vessel.)
- Red Phone IR Service - A short-duration, burst-capacity service of skilled cybersecurity staff available to aid in incident response, once per year for one incident up to 25 person-hours at no additional charge; it may be leveraged thereafter on a fee-per-hour basis.
- ResearchSOC - The NSF-funded ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research through operational cybersecurity services, training, and information sharing necessary to a community as unique and variable as research and education (R&E).
- SatNAG - Satellite Network Advisory Group, a team of technical SMEs who consult on technical decision making for the ARF, initially focused specifically on Satellite Network Communications.
- SIEM - Security Information and Event Management: proactive, automated security event monitoring and reporting.
- SME - Subject Matter Expert
- SOC - Security Operations Center
- vCISO - Virtual CISO; a partial-FTE CISO who acts as the organizational CISO
- Virtual Security Team - A full operational security team made up of partial-FTE engineers and/or analysts
- VIS - Vulnerability Identification Service
Links to be added: