The MITIGATE project has an extensive scientific background. Two previous interrelated EC-projects named CYSM (Collaborative Cyber-Physical Security Management System) and MEDUSA (Multi-order Dependency approaches for managing cascading Effects in ports’ global Supply-Chain and their Integration in Risk Assessment Frameworks) created the groundwork on which MITIGATE is based.
Collaborative Cyber-Physical Security Management System (CYSM)
The first project regarding security issues alongside the maritime critical information infrastructure (CII) was CYSM. It started in 2013 and ended in 2015 and was as well cofounded by the EU. The overall aim of CYSM was to substantially enhance the protection of the ports’ CIIs, on the basis of a holistic approach, which takes into account their dual cyber physical view. In detail the whole spectrum of CII threats on ports was analyzed. Furthermore a dynamic risk management methodology for ports’ CII, which evaluates physical and cyber risks against the requirements specified in the International Ship and Port Facility Security (ISPS) Code (physical) and ISO27001 (cyber), was given. Finally a web based collaborative security management system was developed which enables ports’ CII operators to:
- Model physical and cyber assets and interdependencies
- Analyse and manage internal/external/interdependent physical and cyber threats/vulnerabilities
- Evaluate/manage risks (using CYSM -Risk Management)
- Build crisis scenarios and prevention approaches assuring a minimum availability for the critical port services and procedures during emergency mode of operation
- Forecast and monitor attacks, direct and indirect threats and their impact on operations and service provisioning
- Automatically generate and update security docs (e.g., threats/counter measures/crisis scenarios/prevention mechanisms/ security policies/disaster recovery plans)
- Increase collaboration among ports’ CII participants towards sharing Security/safety/maritime knowledge (standards/legislation/best practices/ guidelines) and enabling collaborative resolution of issues.
CYSM emphasizes on the protection of the physical or/and information and communication technology -based Port facilities that support a number of operations and business processes that are complex, diverse and involve many entities operating inside or outside of the ports infrastructure, thus establishing a dynamic port supply chain. This port supply chain is a globally distributed, interconnected set of organizations (port authorities, ministries, maritime companies, ship industry, customs agencies, maritime/ insurance companies other transport Critical Infrastructures (CIs) (e.g. airports) and other CIs (e.g. transport networks , energy networks, telco networks), people, processes, services, products, and other elements) that rely upon an interconnected web of transportation infrastructure and pathways, information technology, and cyber and energy networks. However, CYSM does not adequately address the various cascading effects that are associated with security incidents occurring from these interacting entities. This is a very critical issue in the case of ports’ security, given their various dependencies.
Multi-order Dependency approaches for managing cascading Effects in ports’ global Supply-Chain and their Integration in Risk Assessment Frameworks (MEDUSA)
The ongoing MEDUSA project has the goal to alleviate the gap between risk assessment frameworks and various cascading effects that are associated with security incidents occurring from interacting entities. Therefore multi-dependency approaches to risk assessment are introduced, specified and validated, while also using them in the scope of risk assessment frameworks for ports’ CIIs. The MEDUSA project aims to alleviate the abovementioned gap, through introducing, specifying and validating multi-dependency approaches to risk assessment, while also using them in the scope of risk assessment frameworks for the ports’ CIIs. MEDUSA will, therefore, open new horizons in the area of port security, through producing and sharing knowledge associated with the identification and assessment of cascading effects in the global ports’ supply chain, with a view towards predicting potential problems but also minimizing the consequences of diverge security incidents. In this context, MEDUSA will enhance CYSM towards protecting port facilities in the scope of interacting supply chains. MEDUSA will be based on the CYSM cyber-security management system for maritime environments expanding its capabilities with a range of mechanisms, techniques and components:
- for capturing multi-order dependencies between port infrastructures and other CIs comprising the global supply chain,
- for identifying and visualizing the critical path of the inter-dependencies across the global supply chain and
- for assessing the potential impact of security incidents on port infrastructures, given their various dependencies
CYSM and MEDUSA as groundwork for MITIGATE
The above-listed initiatives provide a sound basis for moving leading edge risk management frameworks and accompanying tools for port CIIs from the realm of research and development to the enterprise. In particular, significant innovation opportunities could emerge on the basis of the real-life deployment and wider use of the above-mentioned risk assessment techniques and standards in European ports. Such deployments could accordingly generate a host of business development opportunities for European security solution providers, while at the same time enabling European port authorities (including Port Security Operators and Port Facility Operators) to apply holistic risk management approaches that address security processes, threats and cascading effects spanning the whole international maritime supply chain.