ExecTech Webinar: HACK the SHIP - the Security, Functionality, Usability Triangle Gone Wrong
Wed., Sep. 30, 2020, 11am to Noon
MTUG thanks Josh Moss and Jockel Carter for bringing this unique presentation to the MTUG audience: "HACK the SHIP: An overview of Shipboard ICS Cybersecurity... OR... the Security, Functionality, Usability Triangle Gone Wrong."
In this session, presenter Joshua Moss explores the lack of applied security across the Maritime Transportation System (MTS). Merchant shipping is especially vulnerable due to the insecure protocols used in the Industrial Control Systems (ICS) aboard large merchant ships. Josh walks users through the network layout of a merchant ship, and discusses how a malicious attacker can take control of ships similar to the large, liquid natural gas, and bulk carriers that come to port here in Portland, Maine. The lack of "baked in" security is then used as an analogy and a reminder to Maine technology users to have foresight when designing processes and technologies, and ensure that security is always a thought, not an afterthought.
Participants are exposed to a common security situation that is typical for naval systems, industrial controls systems, and other infrastructure that is often considered beyond the reach of cyber-attack but is not. Co-collaborator in this session, Jockel Carter, represents the layman's voice, assisting in clarifying concepts and questions to key sections of Josh's presentation, and how similar issues impact a variety of environments.
To get involved with Hack the Ship and similar events, please visit https://HackTheMachine.ai
MTUG thanks our volunteer board member Kristen Kucera, who coordinated this event's speakers and topic.
Joshua Moss, OSCP, GXPN, GWAPT, GPEN, CEH, Sec+
Cyberspace Operations Officer, U.S. Coast Guard Reserve
Lieutenant Junior Grade Josh Moss is a Coast Guard Reserve Cyberspace Operations Officer and former US Cyber Command Operator with over ten years of technical experience in the offensive security domain. He leads a team of security experts to secure Coast Guard and National Maritime Transportation System infrastructure.
His certifications include Offensive Security Certified Professional (OSCP), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), EC Council Certified Ethical Hacker (CEH), and Comptia's Security Plus (Sec+).
When not hacking for the Coast Guard, Josh is a Senior Cloud Security Consultant for a top-of-industry cloud provider where he leads teams of consultants and customers to deliver security outcomes. He is a frequent speaker at local security groups, participant in local and national Capture the Flag (CTF) challenges, and a cat enthusiast.
Jockel Carter, CISSP, CCSP, PCIP, PCI-ISA, CISA
Senior Cybersecurity Advisor, Tyler Cybersecurity, Tyler Technologies
Jockel Carter is an experienced Cybersecurity professional. He has worked multiple Cybersecurity domains with a focus on technology, incident response, and governance for thirteen years. Before that he worked in information technology for twelve years. He has earned multiple certifications and currently holds the CISSP, CCSP, PCIP, PCI-ISA, and CISA designations, and most recently, the IAPP certification for CIPP/US. These certifications cover cybersecurity, cloud security, Payment Card Industry audits and assessments, and IT System Auditing. He earned a Master of Science in Information Technology in 2006.
Jockel is active in the Cybersecurity community. He is founding president of the (ISC2) chapter in Maine and held that position from 2009 until 2017. He is the InfraGard Member Alliance Maine Chapter Secretary.
He is currently a senior advisor for clients at Tyler Cybersecurity. In that role he provides guidance on security programs, performs assessments, IT Audits, and training for senior managers and Boards. He is the subject matter expert at Tyler Cybersecurity for multiple technologies and frameworks.
MTUG Thanks our ExecTech Webinar Series Sponsors for September!
Please help us appreciate our ExecTech Sponsors this month - you may click below to visit their websites and learn more about their organizations. MTUG's programming and tech community resources are made possible by these generous supporters:
For the Autumn 2020 Season MTUG will present the Best-of-the-Best of our constituents Workshop Proposals that couldn't be presented at the canceled 2020 Summit. These will be online Webinars, free to the public, and recorded for continued constituent access (unlike traditional Summit Workshops). These Webinars will touch on the key issues executives in Maine businesses must consider in this rapidly changing technology and security landscape.
Video & Download(All presenter content is posted "as-is" and does not reflect the opinions of or any endorsement by MTUG, its board members, or constituents.)
[PDF] Joshua Moss - "HACK the SHIP - the Security, Functionality, Usability Triangle Gone Wrong"
Watch the VideoText quality in webinar recording may vary. If needed, change settings in video frame below (gear icon) or reference the slide deck PDF (above).
(All presenter content is posted "as-is" and does not reflect the opinions of or any endorsement by MTUG, its board members, or constituents.)