Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain

Maritime information systems, whether on board of ships or in ports, are numerous, built with standard components available on the market and in many cases designed without accounting for the cyber risk, which is evergrowing. Digital infrastructure has become essential to the operation and management of numerous systems critical to the safety and security of shipping and ports. Despite the fact that cyber risk management is encouraged to be followed by competent authorities, there is still large room for improvement. The importance of handling cyber preparedness as a highly prioritized aspect is paramount. Furthermore, estimating accurately cybersecurity investments based on valid risk and econometric models remains a challenge in a sector which traditionally keeps well-established channels with the insurance industry. Cyber-MAR is an effort to fully unlock the value of the use of cyber range in the maritime logistics value chain via the development of an innovative simulation environment adapting in the peculiarities of the maritime sector but being at the same time easily applicable in other transport subsectors. A combination of innovative technologies are the technology enablers of the proposed Cyber-MAR platform which is not only a knowledge-based platform but more importantly a decision support tool to cybersecurity measures, by deploying novel risk analysis and econometric models. CSIRTs/CERTs data collected will be analysed and feed the knowledge-based platform with new-targeted scenarios and exercises. Through Cyber-MAR, the maritime logistics value chain actors will increase their cyber-awareness level; they will validate their business continuity management minimizing business disruption potential. Cyber-MAR will act as a cost-efficient training solution covering the maritime logistics value chain. Cyber-MAR ultimate goal unfolds in two main directions:
• Establishing a “cyber ecosystem for preparing of cyber attacks”
• Estimating the impact of cyber-attack from a financial perspective and supporting the undertaking of prompt decisions
These goals are further analyzed in the CyberMAR high-level objectives which are:
• O1. Enhance capabilities of cybersecurity professionals and raise awareness on cyber-risks
• O2. Assess cyber-risks for operational technologies (OT)
• O3. Quantify the economic impact of cyber-attacks across different industries with a focus on port disruption
• O4. Promote cyber-insurance market maturity in the maritime logistics sector (adaptable to other transport sectors as well)
• O5. Establish and extend CERTs/CSIRTs, competent authorities and relevant actors collaboration and engagement

In its first year the Cyber-MAR project focused on the completion of all the necessary actions in order to set the foundations for the implementation of the technological solutions, the preparation of the training activities and the related educational material as well as the analysis of the cybersecurity, and specifically the cyber-range, domain landscape. For this the following activities have taken place:
• A thorough State of the art analysis of Cyber-range technologies
• A precise collection of User requirements through an online questionnaire which acquired feedback from a significant number of stakeholder of the maritime domain.
• Definition of Use Cases that include applications of the Cyber-MAR tools in activities related to the Energy sources in the Port of Valencia, Maintenance Network in Piraeus Container terminal and vessel navigation and automation systems.
• Elucidation of System Requirements and Functional Specifications mapped to the user requirements
• Definition of the System Design and Architecture by producing functional and physical views of the Cyber-MAR cyber-range architecture which includes several network and services simulation components, Intrusion Detection, Incident detection and Recommendation engine systems as well as Risk Analysis and Econometric models together with Situation Awareness and incident information sharing tools for CERTs.
• A careful analysis of the risks and vulnerabilities related to the Cyber-MAR use cases and a study of the currently adopted policies and definition of a generic cybersecurity policy applicable to the broad maritime domain
• Thorough analysis of the limitations and existing gaps in the maritime cybersecurity area in Europe as a base for Guidelines for the Cybersecurity Training Programme across EU
• A first version of the exploitation and commercialization analysis for the Cyber-MAR project
• Thorough analysis of the ethical and legal framework for ensuring the compliance of the project activities with the ethics requirements.

Cyber-MAR project has set a number of ambitious goals to produce progress beyond the state of the art in a broad spectrum of significant fields and component categories. The progress achieved in its first year per catergory is detailed below:
• Operational Technologies hybrid (real / virtual) coupling: The development of a physical I/O interconnection system and of a graphical design tool for setting up the interconnections between the various types of equipment to be simulated or connected to the cyber-range system, has started.
• Intrusion detection and prevention: The initial design for the IDS module has been conducted and a careful technology evaluation and selection for component implementations has been done.
• Networking Interconnection system with other cyber ranges / simulation environments: At the project’s architecture core an orchestrator component has been defined together with different API levels that will formulate the framework for the integration of the different Cyber-MAR components.This framework is planned to be further expanded in order to explore the interconnection with other cyber ranges and environments
• Data analytics and intelligence extraction: Extensive review of the literature relevant to modeling cyber-attacks and projecting future actions of cyber attackers has been done. Probabilistic models (Bayesian and Markov networks, Markov Logic reasoning, probabilistic Event Calculus) has been evaluated regarding their potential use in the Cyber-Mar scenarios. Generic algorithms implementing the training of and inference from a general Variable Length Markov Model have been designed and implemented.
• Situational Awareness Module: initial design for the Expert Situational Awareness (SA) module and the High-level SA module have been produced.

In the following periods, it is expected that the project will be able to implement, test, evaluate and deliver an integrated cyber-range solution, based on the designed components, that will combine all the necessary functionalities for enhancing the resilience of target organizations, will allow the identification of recurring or emerging patterns of cyber-attacks and privacy breaches, will offer the potential to big players of logistics domain to join forces on estimating cyber-risk, will provide of a fully customizable and tailored view on the trade-offs, aims to increase the available open tools in number and variety, while offering an intuitive integration to all (physical and virtual) IT components and finally will offer accessible training infrastructures for cyber-defense, in OT, transport and logistics domains.