The first eighteen months of VIGIMARE established the analytical and technical foundations for the remainder of the project.
WP1 — Project management and coordination (completed)
The project management framework was established and operated without deviations.
Threat and risk assessment (WP3 — completed)
A comprehensive threat landscape analysis was completed across all CI categories and pilot sites. Deliverable D3.1 mapped the geopolitical and financial environment, highlighting hybrid tactics, attribution challenges, and blurred civilian-military boundaries, alongside evolving EU policy (including the 2025 Commission Recommendation and proposed EU Cable Security Toolbox). Physical threat analysis (D3.2) produced a Damage-Risk Analysis methodology quantifying annual damage probability per site. Cyber threat analysis (D3.3) used a motivation-based taxonomy (espionage, terrorism, sabotage, warfare), identifying vendor vulnerabilities and ransomware as highest risk. A multi-risk dynamic assessment (D3.4) integrated physical and cyber risks, while operational preparedness and societal impact analysis (D3.5) identified landing station security and subcontractor management as the most critical measures.
System engineering (WP4 — completed)
The VIGIMARE system architecture, data model, and information-sharing network were designed and initiated. The data model is a CISE-compatible extension, ensuring future integration with European maritime systems. The architecture uses microservices and Apache Kafka for scalable, real-time exchange. Requirements (D4.1) were defined with CI operators. Initial data collection covered AIS, satellite imagery (Sentinel-1, Cosmo-SkyMed, Sentinel-2, WorldView), fibre-optic and vibro-acoustic sensors, DAS data, and cyber/network data.
Platform and analysis services development (WP5, WP6 — ongoing)
Platform development is on schedule, with the information-sharing network deployed. Adaptor components are being built using Kafka, REST APIs, and WebSockets. AI-based physical threat detection includes vessel anomaly detection and satellite-based dark vessel/change detection. The cyber framework applies a Cyber-Physical Anomaly Detection approach with unsupervised learning and a two-level fusion framework for OT and SCADA systems.
Demonstration preparation (WP7 — ongoing)
Planning is underway for four use cases: Mediterranean hybrid threats, Irish Sea gas interconnectors, Baltic gas pipeline, and Baltic telecom cable. Each includes defined scenarios, services, data needs, and evaluation criteria. Demonstrations will use historical and real-time data, including areas near the C-Lion1 cable. An evaluation framework with KPIs is being developed with CI operators to reflect real-world conditions.
Exploitation and dissemination (WP8 — completed)
Key Exploitable Results were identified, including data sharing, pre-warning services, monitoring concepts, cybersecurity assessment, vibroacoustic monitoring, and risk tools. An insurance market analysis highlighted coverage gaps and proposed EU-level mechanisms. The project conducted 22 dissemination activities, including events with EMSA, Security Research Europe, the European Commission, the Finnish Parliament, and other CI security forums.