Periodic Reporting for period 2 - MITIGATE (Multidimensional, IntegraTed, rIsk assessment framework and dynamic, collaborative Risk ManaGement tools for critical information infrAstrucTurEs)
Reporting period: 2017-03-01 to 2018-02-28
Thus, new risk assessment and security management tools are required in order to ensure the resilience and protection of the current and (even smarter) future interconnected ports’ Critical Information Infrastructures as well as their ICT-empowered supply chains.
In this vein, the MITIGATE project (www.mitigateproject.eu/) aims to contribute to the effective protection of the ICT-based port supply chains that arise from the ICT interconnections and interdependencies of a set of maritime entities. The main goal of MITIGATE is to realize a radical shift in risk management methodologies for the maritime sector towards a collaborative evidence-driven Maritime Supply Chain Risk Assessment (g-MSRA) approach that alleviates the limitations of state-of-the-art risk management frameworks. In addition, the project has developed an effective, collaborative, standards-based risk management (RM) system that enables the involvement and participation of all stakeholders (e.g. port security operators, port facility operators, and supply chain participants) in cyber-security management.
The next step in the project’s development was the detailed specification of concepts, data structures, components and communication between the individual modules. The technical specifications defined in this step form the foundation of the MITIGATE system, including innovative concepts such as the use of game theory elements.
Integration and implementation of the MITIGATE system took place in the second half of 2016. The result is a risk management system specifically designed for the special needs of users of critical information infrastructures in the maritime supply chain. To achieve this goal, the chosen background components, modules and sub-systems were adapted, integrated and enhanced. The cloud-based infrastructure, which supports the MITIGATE governance model, including the roles of the various stakeholders and their interactions with the system, was established. Furthermore, the Open Intelligence & BigData Analytics module was implemented in order to realize the risk prediction and forecasting functionalities.
To ensure proper tests and a thorough evaluation of the MITIGATE system, five pilot sites were chosen. Five ports are represented in the project consortium and act as pilot sites: Bremen/Bremerhaven, Livorno, Ravenna, Piraeus and Valencia. In the preparation phase, the representatives from these ports were taught to use the MITIGATE system. Furthermore, the ports and their dedicated supporting partners from the consortium developed plans to present the MITIGATE system to their business partners. Later on, pilot operations spread from internal to external users. Overall, more than 70 events took place, involving around 680 persons from the port and maritime community. From these events, valuable feedback was gathered to improve the system in accordance with the users’ requirements.
Not least, an intense evaluation methodology has been developed to ensure the use of the MITIGATE system from a stakeholder’s perspective. Overall, the MITIGATE project reached the goals set. The work carried out corresponds mostly to the planning, with regard to both budget and content. Timelines were also mostly kept, and the results clearly show that the aims of the project were ambitious but could be realised.
The three Key Exploitable Results are the MITIGATE platform, the MITIGATE risk assessment methodology and the MITIGATE training program. The MITIGATE platform serves as a single entry point to a wide range of services, including the following aspects: innovative asset mapping and visualization, advanced simulation and visualization of cyber-attacks, collaborative risk assessment and an open intelligence and BigData analysis that allows users to retrieve near real-time information.
The MITIGATE risk assessment methodology is the basis of the MITIGATE platform and the key asset to be exploited by the academic partners. The MITIGATE training program enables participants to understand the basics of cyber threats and take precautions against them in one course, and teaches the use of the MITIGATE system in a second one.
The introduction of an innovative risk assessment approach that: (a) promotes the identification and measurement of all cyber threats within a Supply Chain (SC) service; (b) enables the evaluation of the individual, cumulative and propagated vulnerabilities; (c) stimulates the prediction of all possible attack/threat paths and patterns within the SC cyber system (which consists of cross-partners’ cyber assets); (d) allows the assessment of the possible impacts; (e) enhances the calculation and prioritization of the corresponding cyber risks of the SC cyber assets; and (f) empowers the formulation of a proper mitigation strategy.