Periodic Reporting for period 2 - Cyber-MAR (Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain)
Reporting period: 2020-09-01 to 2023-02-28
• Establishing a “cyber ecosystem for preparing of cyber attacks”
• Estimating the impact of cyber-attack from a financial perspective and supporting the undertaking of prompt decisions
These goals are further analyzed into the following Cyber-MAR high-level objectives:
• O1. Enhance capabilities of cybersecurity professionals and raise awareness on cyber-risks
• O2. Assess cyber-risks for operational technologies (OT)
• O3. Quantify the economic impact of cyber-attacks across different industries with a focus on port disruption
• O4. Promote cyber-insurance market maturity in the maritime logistics sector (adaptable to other transport sectors as well)
• O5. Establish and extend CERTs/CSIRTs, competent authorities and relevant actors collaboration and engagement
The capabilities of Cyber Ranges were extended allowing the simulation of highly realistic maritime environments through the interconnection with real automation equipment (SCADA, PLCs, sensors and actuators) and virtual PLCs. A physical I/O system was implemented, adding support for analogue and digital stimuli used by real automation equipment. Native hybrid support of AIS was added to the Cyber-MAR Cyber Range allowing the connection of real AIS transceivers to the platform and simulating the sending and receiving of AIS messages.
A specific maritime MISP community for increased threat intelligence, facilitating the communication with CERT/CSIRT networks, was created. The Maritime Cyber-Risk Assessment (MaCRA) framework was introduced and validated using data from CERT/CSIRTs, providing comprehensive quantifiers and visual aids for understanding maritime cyber-risks. An Econometric Model was developed, validated for the three pilot scenarios and connected to the MaCRA framework for quantifying the propagation of port’s operations disruption through multiple global value chains.
All components and elements were integrated, tested and deployed in the Cyber-MAR platform following a three-phases incremental integration approach based on the maturity level of the components. Three pilots related to cyber-attacks to i) energy sources at the port of Valencia, ii) vessel navigation and automation systems and iii) SCADA systems at the Port of Piraeus, each one associated with the end of each integration phase, have been successfully implemented and evaluated using defined KPIs. Furthermore, a Learning Management System was developed and seamlessly integrated in the Cyber-MAR platform for supporting the delivery of the designed agile learning process with a focus on hands-on training through the Cyber-MAR environment. A total of 12 training sessions and 1 major CTF were delivered, with a total of 373 trainees participating.
Finally, based on the results from pilots and training, guidelines and recommendations for cybersecurity training in Europe, with Cyber Ranges as a core element, were produced. Key Exploitable Results were identified, and a joint exploitation strategy was formulated. From a dissemination perspective, to make the findings of Cyber-MAR known as widely as possible among scientific community, maritime stakeholders and the general public, the project has been presented in several events such as workshops, symposiums and webinars. Moreover, a significant number of scientific publications in prestigious conferences and journals have been published and are available on the Cyber-MAR’s website.
Through the situational awareness module, non-IT experts can easily access the financial impact of defined cyber-attack scenarios given the specifications of current IT infrastructure or future components that they want to invest in. In such a way, Cyber-MAR gives them the opportunity to choose the optimal balance between investment costs and cyber-security assurance level.
Through the integrated LMS, maritime professionals and non IT-skilled personnel can be trained with respect to Cyber Ranges’ features, understand the implications of cyber-attacks and privacy breaches, identify potential vulnerabilities and realise the risk (and financial impact in case of breaches) of not following cyber-defence processes.
Cyber-MAR also advances the state-of-the-art in supply chain insurance risk analytics by providing improved econometric and risk modelling framework. The Econometric Model developed and coupled with the MaCRA framework is the first of its kind model that allows insurance companies transition from a qualitative assessment to a more robust quantitative treatment of supply chain risk. Moreover, the quantitative metrics from the EM can be ingested by corporations or governmental organizations to evaluate their potential risk and optimize their risk mitigation strategies. Cyber-MAR platform also provides CERT/CSIRTs with useful, integrated, and cost-effective set of tools to improve their preparedness against malware campaigns. This occurs with minimal IT infrastructure costs and with upscaled opportunities for coordination through interconnected Cyber Ranges coupled with a collective training platform for personnel belonging to different organisations.