Periodic Reporting for period 1 - Cyber-MAR (Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain)
Reporting period: 2019-09-01 to 2020-08-31
• Establishing a “cyber ecosystem for preparing of cyber attacks”
• Estimating the impact of a cyber-attack from a financial perspective and supporting the undertaking of prompt decisions
These goals are further analyzed in the Cyber-MAR high-level objectives, which are:
• O1. Enhance capabilities of cybersecurity professionals and raise awareness on cyber-risks
• O2. Assess cyber-risks for operational technologies (OT)
• O3. Quantify the economic impact of cyber-attacks across different industries with a focus on port disruption
• O4. Promote cyber-insurance market maturity in the maritime logistics sector (adaptable to other transport sectors as well)
• O5. Establish and extend CERTs/CSIRTs, competent authorities and relevant actors collaboration and engagement
• A thorough State of the art analysis of Cyber-range technologies
• A precise collection of User requirements through an online questionnaire which acquired feedback from a significant number of stakeholders of the maritime domain.
• Definition of Use Cases that include applications of the Cyber-MAR tools in activities related to the Energy sources in the Port of Valencia, Maintenance Network in Piraeus Container terminal and vessel navigation and automation systems.
• Elucidation of System Requirements and Functional Specifications mapped to the user requirements
• Definition of the System Design and Architecture by producing functional and physical views of the Cyber-MAR cyber-range architecture which includes several network and services simulation components, Intrusion Detection, Incident detection and Recommendation engine systems as well as Risk Analysis and Econometric models together with Situation Awareness and incident information sharing tools for CERTs.
• A careful analysis of the risks and vulnerabilities related to the Cyber-MAR use cases and a study of the currently adopted policies and definition of a generic cybersecurity policy applicable to the broad maritime domain
• Thorough analysis of the limitations and existing gaps in the maritime cybersecurity area in Europe as a base for Guidelines for the Cybersecurity Training Programme across EU
• A first version of the exploitation and commercialization analysis for the Cyber-MAR project
• Thorough analysis of the ethical and legal framework for ensuring the compliance of the project activities with the ethics requirements.
• Operational Technologies hybrid (real / virtual) coupling: The development of a physical I/O interconnection system and of a graphical design tool for setting up the interconnections between the various types of equipment to be simulated or connected to the cyber-range system has started.
• Intrusion detection and prevention: The initial design for the IDS module has been conducted and a careful technology evaluation and selection for component implementations has been done.
• Networking Interconnection system with other cyber ranges / simulation environments: At the project’s architecture core an orchestrator component has been defined together with different API levels that will formulate the framework for the integration of the different Cyber-MAR components. This framework is planned to be further expanded in order to explore the interconnection with other cyber ranges and environments.
• Data analytics and intelligence extraction: An extensive review of the literature relevant to modeling cyber-attacks and projecting future actions of cyber attackers has been done. Probabilistic models (Bayesian and Markov networks, Markov Logic reasoning, probabilistic Event Calculus) have been evaluated regarding their potential use in the Cyber-MAR scenarios. Generic algorithms implementing the training of and inference from a general Variable Length Markov Model have been designed and implemented.
• Situational Awareness Module: Initial designs for the Expert Situational Awareness (SA) module and the High-level SA module have been produced.
In the following periods, it is expected that the project will be able to implement, test, evaluate and deliver an integrated cyber-range solution based on the designed components. This solution will combine all the necessary functionalities for enhancing the resilience of target organizations, will allow the identification of recurring or emerging patterns of cyber-attacks and privacy breaches, will offer big players of the logistics domain the potential to join forces on estimating cyber-risk, will provide a fully customizable and tailored view on the trade-offs, will increase the available open tools in number and variety while offering an intuitive integration to all (physical and virtual) IT components, and finally will offer accessible training infrastructures for cyber-defense in the OT, transport and logistics domains.