5th Annual NCMS Hampton Roads Information Assurance Conference
This all-day event, held at the Lockheed Martin Center for Innovation in Suffolk, VA, is the premier conference for NISPOM and DSS procedural compliance for Information Systems.
Throughout the conference, John and other guest speakers cover topics ranging from procedural compliance and Certification and Accreditation to threat reporting and cyber notifications.
In John's presentation, he explains:
- What is red teaming?
- How does it fit into a risk management program?
- How does it help catch the bad guy?
John also discussed his personal experiences from maritime red-teaming and pen-testing events that he worked on for the federal government as well as the private sector. Each one has its own set of specific vulnerabilities that are unique to the respective organization.
For example:
US naval warships have more industrial control systems (ICS) to handle things like turret controls and weapon reloading systems. These systems are mostly controlled by “purpose-built” programs that often lack crucial security features like [redacted].
Cruise ships have a much larger attack surface due to the services they provide in their clients' rooms, like Wi-Fi access and smart TVs. If these networks aren’t properly segregated from sensitive systems and services, they can be compromised.