BSides Birmingham 2023

Secure for Sea: Designing and Deploying Security Operations and Network Operations in a Mobile, Limited Bandwidth Maritime Environment
10-28, 11:00–11:50 (US/Central), Ballroom D

The speakers will discuss the challenges and solutions of deploying monitoring, detection, response, containment, and notification for commercial and government ships, including recent deployments that achieved governmental Authority to Operate (ATO). We will cover the handling of OT systems, including policies and procedures for governmental ATO.

Achieving an Authority to Operate and deploying a SOC/NOC and security solutions in government, commercial, and hybrid-environment ships has numerous intricacies and potential pitfalls. The MAD Maritime Team will provide a holistic overview of how to approach the policies, procedures, technical architecture, implementation, and monitoring of maritime systems in a global maritime environment that presents problems such as bandwidth limitations, switching between multiple WAN/transport paths, and optimizing alerts and logs to minimize and prioritize traffic over satellite communications. They will provide recent examples and an overview of their lab environment that simulates difficult conditions and resulted in the assurance that deployed systems would meet all security and availability requirements. We will also discuss multi-factor authentication considerations and solutions for the shipboard environment, which normally lacks cellular capability and requires novel solutions.

Talk Categories

Red, Blue, Purple, Beginner, Technical

Brad has 20 years of experience in the IT and Cybersecurity industries with extensive IT operations experience. Recently, Brad served as the project manager for an effort to set up a SOC and NOC for maritime vessels as part of the MAD Maritime team. Before MAD, Brad worked as an IT Manager for a defense contractor responsible for implementing compliance requirements, including CMMC. Brad spent 10 years in the MSP industry, where his vast IT operations experience was used to perform the technical implementation of cybersecurity requirements for a multitude of different operating environments. Brad brings all this experience to help defense contractors navigate the complex regulations and ever-changing cybersecurity landscape. He is a CISSP and Registered Practitioner with the Cyber AB, and holds numerous CompTIA, Microsoft, and Apple certifications.