Periodic Reporting for period 2 - Cyber-MAR (Cyber preparedness actions for a holistic approach and awareness raising in the MARitime logistics supply chain)
Période du rapport: 2020-09-01 au 2023-02-28
Cyber-MAR is an effort to fully unlock the value of the use of cyber ranges in the maritime logistics value chain via the development of an innovative simulation environment adapting in the peculiarities of the maritime sector but being at the same time easily applicable in other transport sectors. A combination of innovative technologies are the technology enablers of the Cyber-MAR platform which is not only a knowledge-based platform but more importantly a decision support tool to cybersecurity measures, by deploying novel risk analysis and econometric models. CSIRTs/CERTs data collected are analysed and fed to the knowledge-based platform’s scenarios and exercises. Through Cyber-MAR, the maritime logistics value chain actors can increase their cyber-awareness level, validate their business continuity management minimizing business disruption potential. Cyber-MAR also acts as a cost-efficient training solution covering the maritime logistics value chain. Cyber-MAR ultimate goal unfolds in two main directions:
• Establishing a “cyber ecosystem for preparing of cyber attacks”
• Estimating the impact of cyber-attack from a financial perspective and supporting the undertaking of prompt decisions
These goals are further analyzed into the following Cyber-MAR high-level objectives:
• O1. Enhance capabilities of cybersecurity professionals and raise awareness on cyber-risks
• O2. Assess cyber-risks for operational technologies (OT)
• O3. Quantify the economic impact of cyber-attacks across different industries with a focus on port disruption
• O4. Promote cyber-insurance market maturity in the maritime logistics sector (adaptable to other transport sectors as well)
• O5. Establish and extend CERTs/CSIRTs, competent authorities and relevant actors collaboration and engagement
• Establishing a “cyber ecosystem for preparing of cyber attacks”
• Estimating the impact of cyber-attack from a financial perspective and supporting the undertaking of prompt decisions
These goals are further analyzed into the following Cyber-MAR high-level objectives:
• O1. Enhance capabilities of cybersecurity professionals and raise awareness on cyber-risks
• O2. Assess cyber-risks for operational technologies (OT)
• O3. Quantify the economic impact of cyber-attacks across different industries with a focus on port disruption
• O4. Promote cyber-insurance market maturity in the maritime logistics sector (adaptable to other transport sectors as well)
• O5. Establish and extend CERTs/CSIRTs, competent authorities and relevant actors collaboration and engagement
Throughout its duration, the project fully achieved its objectives delivering significant results. Following focused end-user workshops and online questionnaires, user requirements were collected and analysed. Specific pilot scenarios and use cases were defined, system requirements and functional specifications mapped to the user requirements were elucidated, leading to the definition of the overall Cyber-MAR architecture. Based on that, Cyber Ranges and Ship Simulator interconnected were deployed and the Cyber-MAR components, offering capabilities of network security and intrusion detection (IDS, L-ADS, XL-SIEM), data fusion and analysis (Prediction Engine) and visualization (High-Level SA, Expert SA), were developed and tested.
The capabilities of Cyber Ranges were extended allowing the simulation of highly realistic maritime environments through the interconnection with real automation equipment (SCADA, PLCs, sensors and actuators) and virtual PLCs. A physical I/O system was implemented, adding support for analogue and digital stimuli used by real automation equipment. Native hybrid support of AIS was added to the Cyber-MAR Cyber Range allowing the connection of real AIS transceivers to the platform and simulating the sending and receiving of AIS messages.
A specific maritime MISP community for increased threat intelligence, facilitating the communication with CERT/CSIRT networks, was created. The Maritime Cyber-Risk Assessment (MaCRA) framework was introduced and validated using data from CERT/CSIRTs, providing comprehensive quantifiers and visual aids for understanding maritime cyber-risks. An Econometric Model was developed, validated for the three pilot scenarios and connected to the MaCRA framework for quantifying the propagation of port’s operations disruption through multiple global value chains.
All components and elements were integrated, tested and deployed in the Cyber-MAR platform following a three-phases incremental integration approach based on the maturity level of the components. Three pilots related to cyber-attacks to i) energy sources at the port of Valencia, ii) vessel navigation and automation systems and iii) SCADA systems at the Port of Piraeus, each one associated with the end of each integration phase, have been successfully implemented and evaluated using defined KPIs. Furthermore, a Learning Management System was developed and seamlessly integrated in the Cyber-MAR platform for supporting the delivery of the designed agile learning process with a focus on hands-on training through the Cyber-MAR environment. A total of 12 training sessions and 1 major CTF were delivered, with a total of 373 trainees participating.
Finally, based on the results from pilots and training, guidelines and recommendations for cybersecurity training in Europe, with Cyber Ranges as a core element, were produced. Key Exploitable Results were identified, and a joint exploitation strategy was formulated. From a dissemination perspective, to make the findings of Cyber-MAR known as widely as possible among scientific community, maritime stakeholders and the general public, the project has been presented in several events such as workshops, symposiums and webinars. Moreover, a significant number of scientific publications in prestigious conferences and journals have been published and are available on the Cyber-MAR’s website.
The capabilities of Cyber Ranges were extended allowing the simulation of highly realistic maritime environments through the interconnection with real automation equipment (SCADA, PLCs, sensors and actuators) and virtual PLCs. A physical I/O system was implemented, adding support for analogue and digital stimuli used by real automation equipment. Native hybrid support of AIS was added to the Cyber-MAR Cyber Range allowing the connection of real AIS transceivers to the platform and simulating the sending and receiving of AIS messages.
A specific maritime MISP community for increased threat intelligence, facilitating the communication with CERT/CSIRT networks, was created. The Maritime Cyber-Risk Assessment (MaCRA) framework was introduced and validated using data from CERT/CSIRTs, providing comprehensive quantifiers and visual aids for understanding maritime cyber-risks. An Econometric Model was developed, validated for the three pilot scenarios and connected to the MaCRA framework for quantifying the propagation of port’s operations disruption through multiple global value chains.
All components and elements were integrated, tested and deployed in the Cyber-MAR platform following a three-phases incremental integration approach based on the maturity level of the components. Three pilots related to cyber-attacks to i) energy sources at the port of Valencia, ii) vessel navigation and automation systems and iii) SCADA systems at the Port of Piraeus, each one associated with the end of each integration phase, have been successfully implemented and evaluated using defined KPIs. Furthermore, a Learning Management System was developed and seamlessly integrated in the Cyber-MAR platform for supporting the delivery of the designed agile learning process with a focus on hands-on training through the Cyber-MAR environment. A total of 12 training sessions and 1 major CTF were delivered, with a total of 373 trainees participating.
Finally, based on the results from pilots and training, guidelines and recommendations for cybersecurity training in Europe, with Cyber Ranges as a core element, were produced. Key Exploitable Results were identified, and a joint exploitation strategy was formulated. From a dissemination perspective, to make the findings of Cyber-MAR known as widely as possible among scientific community, maritime stakeholders and the general public, the project has been presented in several events such as workshops, symposiums and webinars. Moreover, a significant number of scientific publications in prestigious conferences and journals have been published and are available on the Cyber-MAR’s website.
Cyber-MAR advances beyond state-of-the art by extending Cyber Ranges with a unique capacity to fully simulate realistic complex industrial environments through the interconnection of physical and virtual systems. The integration with low-level parts of port and ship systems allows the estimation of the actual cyber-attack effects on the real operating environment. The interconnection of different Cyber Ranges also allows professionals to perform simulations and detect attacks on collaborating organisations’ systems, thus being able to fail-safe their own, not allowing for cascading effects to occur.
Through the situational awareness module, non-IT experts can easily access the financial impact of defined cyber-attack scenarios given the specifications of current IT infrastructure or future components that they want to invest in. In such a way, Cyber-MAR gives them the opportunity to choose the optimal balance between investment costs and cyber-security assurance level.
Through the integrated LMS, maritime professionals and non IT-skilled personnel can be trained with respect to Cyber Ranges’ features, understand the implications of cyber-attacks and privacy breaches, identify potential vulnerabilities and realise the risk (and financial impact in case of breaches) of not following cyber-defence processes.
Cyber-MAR also advances the state-of-the-art in supply chain insurance risk analytics by providing improved econometric and risk modelling framework. The Econometric Model developed and coupled with the MaCRA framework is the first of its kind model that allows insurance companies transition from a qualitative assessment to a more robust quantitative treatment of supply chain risk. Moreover, the quantitative metrics from the EM can be ingested by corporations or governmental organizations to evaluate their potential risk and optimize their risk mitigation strategies. Cyber-MAR platform also provides CERT/CSIRTs with useful, integrated, and cost-effective set of tools to improve their preparedness against malware campaigns. This occurs with minimal IT infrastructure costs and with upscaled opportunities for coordination through interconnected Cyber Ranges coupled with a collective training platform for personnel belonging to different organisations.
Through the situational awareness module, non-IT experts can easily access the financial impact of defined cyber-attack scenarios given the specifications of current IT infrastructure or future components that they want to invest in. In such a way, Cyber-MAR gives them the opportunity to choose the optimal balance between investment costs and cyber-security assurance level.
Through the integrated LMS, maritime professionals and non IT-skilled personnel can be trained with respect to Cyber Ranges’ features, understand the implications of cyber-attacks and privacy breaches, identify potential vulnerabilities and realise the risk (and financial impact in case of breaches) of not following cyber-defence processes.
Cyber-MAR also advances the state-of-the-art in supply chain insurance risk analytics by providing improved econometric and risk modelling framework. The Econometric Model developed and coupled with the MaCRA framework is the first of its kind model that allows insurance companies transition from a qualitative assessment to a more robust quantitative treatment of supply chain risk. Moreover, the quantitative metrics from the EM can be ingested by corporations or governmental organizations to evaluate their potential risk and optimize their risk mitigation strategies. Cyber-MAR platform also provides CERT/CSIRTs with useful, integrated, and cost-effective set of tools to improve their preparedness against malware campaigns. This occurs with minimal IT infrastructure costs and with upscaled opportunities for coordination through interconnected Cyber Ranges coupled with a collective training platform for personnel belonging to different organisations.