Deliverable D4.2. Report on Standards and Regulations Compliance

Despite the importance of Critical Information Infrastructures (CIIs) and dynamic ICT-based maritime supply chains (SCs) for port operations, state-of-the-art Risk Management (RM) methodologies for maritime environments pay limited attention to cyber-security and do not adequately address security processes for international SCs. Motivated by these limitations, MITIGATE will introduce, integrate, validate and commercialize a novel RM system, which will empower stakeholders’ collaboration for the identification, assessment and mitigation of risks associated with cyber-security assets and SC processes. This collaborative system will boost transparency in risk handling, while enabling the generation of unique evidence about risk assessment and mitigation. At the heart of the RM system will be an open simulation environment enabling stakeholders to simulate risks and evaluate risk mitigation actions. This environment will allow users to model, design, execute and analyze attack-oriented simulations. Emphasis will be paid on the estimation of cascading effects in SCs, as well as on the prediction of future risks. MITIGATE will be compliant with prominent security standards and regulations for the maritime sector (i.e. ISO27000, ISO28000, ISPS).The MITIGATE system will be built based on readily available technologies of the partners, which will enable the project to produce a mature (high-TRL) system at an optimal value-for-money. The system will be validated based on real-life pilot operations across five EU ports (Bremen, Piraeus, Valencia, Ravenna, Livorno) with the active participation of over 500 users (security officers, terminal operators, facility operators, standardization experts and more). Also, the project’s approach will be contributed as a blueprint to the NIS public-private platform. Finally, significant effort will be devoted to the commercialization of the MITIGATE system based on pragmatic business plans and market launch actions

Deliverable D6.3 - Best Practices for Replicability and Wider Use

This deliverable details the evaluation methodology of the MITIGATE project. It is produced based on tasks T2.2 and T7.1

Deliverable D6.2 - External Pilot Operations

The main MITIGATE scope is to provide an innovative Maritime Security System, which integrates an effective, collaborative, standards‐based (i.e. ISO27001, ISO28000) Risk Management services’ platform for Maritime Organizations and Critical Infrastructures (i.e. ports). Specifically, it enables Maritime Organizations to manage their security in a holistic, integrated and cost‐effective manner, while at the same time producing and sharing knowledge associated with the identification, assessment and quantification of cascading effects from their Supply Chain (SC). Since, the first stable version of the MITIGATE system is already up and running, it has been presented to all involved Business Partners and the training material of all types (online help, videos, etc.) is already prepared, the consortium prepared all pilot sites to first involve their internal users. The main objective of deliverable D6.2 is to present the results of the MITIGATE pilot’s operations with external pilot users, and their organization, considering the pilot scenarios specified in WP2 and WP5 and the training processes performed in WP5

Deliverable D8.5 - Report on Dissemination and Communication Activities (Final Iteration)

The scope of this deliverable is to report the dissemination activities performed during the entire project lifecycle and their alignment with the Dissemination and Communication plan described in D8.1. The dissemination activities are reported in distinct categories and their impact to the project progress is analysed in a qualitative and quantitative way. The present deliverable consists the second iteration of D8.2 Report on Dissemination and Communication Activities, as it was submitted in 2017

D6.9 INTEGRATION OF RESULTS: POLICYCLOUD COMPLETE ENVIRONMENT M36

This deliverable has been released in December 2022, at M36 of the project, and its main objective is to specify the final integration results between the PolicyCLOUD components. This deliverable will follow the methodology of D6.2 and D6.8 that were respectively submitted in M12 (December 2020) and M24 (December 2021) which have two main pillars: Define common practices for integration and validation of the outcomes of the project Detail the cloud environment the project will make use of to demonstrate the results Regarding the former, GitLab will be the base code repository for the project, where the project already owns an organizational account. Over GitLab [1], the trunk-based development branching policy has been applied, as we considered it the most suitable policy given the project characteristics. Also, GitLab’s issue reporting tool has been adopted, as it is fully integrated with GitLab’s features. The test bed to support the demonstrators has been deployed over EGI’s (EGI) infrastructure where flexibility is one of the critical features. This deliverable abstractly incorporates all the changes and implementations that WP2, WP3, WP4 and WP5 had made during the second year of the project. More details about the components and the actual implementation can be found in the related WP deliverables [7] [8] [9]. In detail, the schemas of the data have been finalized so the standard version that we defined initiated the data import to the repository of PolicyCLOUD. Moreover, the infrastructure (IaaS) and the platform deployment (PaaS/ Serverless) have been restructured and reshaped based on the latest needs of the components. EGI deployed the new flavour of PolicyCLOUD to the Openstack Infrastructure and IBM made the proper changes to the Openwhisk middleware for the serverless and other services. The related WP deliverables highlight detailed information and instructions for each component change that in total orchestrate the PolicyCLOUD engine.This deliverable is submitted to the EC, not yet approved

D2.7 CONCEPTUAL MODEL & REFERENCE ARCHITECTURE

The third and final version of the PolicyCLOUD Conceptual Model & Reference Architecture (originally submitted as Deliverable D2.2 in September 2020 [20] with the second version submitted as D2.6 in June 2021 [21]) is presented in this document. The PolicyCLOUD Conceptual Model presents the overall project concept along 2 main axes. Along the first data axis PolicyCLOUD delivers Cloud Gateways and APIs to access data sources and adapt to their interfaces so as to simplify interaction and data collection from any source. Along the second main axis, the Policies Management Framework of PolicyCLOUD allows the definition of forward-looking policies as well as their dynamic adaptation and refocusing to the population they are applied on. Based on the project’s offerings along the main two axes of the Concept, five main building blocks (in a layered manner) define its Architecture: (1) The Cloud Based Environment and Data Acquisition, (2) Data Analytics, (3) the Policies Management Framework, (4) the Policy Development Toolkit and (5) The Marketplace. The architecture also includes a Data Governance Model, Protection and Privacy Enforcement and the Ethical Framework as depicted in Figure 2. The architecture allows for integrated data acquisition and analytics. It also allows data fusion with processing and initial analytics (see 7.6.5) as well as seamless analytics (see 7.6.6) on hybrid data at rest. Integration in PolicyCLOUD follows three directions: (i) architecture integration, (ii) integration with the cloud infrastructure and (iii) integration with Use Case scenarios through the implementation of end-to- end scenarios. Additional integration activities take place along the two frameworks of PolicyCLOUD, (a) the Data Governance model, protection and privacy enforcement mechanism and (b) the Ethical and Legal Compliance framework. For end-to-end data path analysis we have used two Use Case scenarios: (i) the scenario of Use Case 1: “Radicalization incidents” and the scenario of Use Case 2: “Visualization of negative and positive opinions on social networks for different products”. The new updates in this final document provide the following: Analysis of how External Frameworks can be integrated with PolicyCLOUD (section 7.6.11.4); Presentation of the overall Conceptual View and architecture of the Data Marketplace (section 7.9.1); Outline of the mechanisms developed for initialising the Policy Development Toolkit with Policy Model components and the visualization of results (section 7.8.3); Analysis of the Ethical and Legal Compliance Framework positive interventions to the PolicyCLOUD architecture, including the addition of specific fields/parameters to the registration Application Programming Interfaces to be populated with details regarding each individual analytics tool and dataset/data source (section 7.5); Presentation of the integration of the Data Governance model, protection and privacy enforcement mechanisms with the Policy Development Toolkit, the cloud gateways and the marketplace (section 7.10.2), and within the same context, the integration of EGI-Check-in with Keycloak including the integration of the Data Governance model, protection and privacy enforcement mechanisms with the Kubernetes cluster. The document also addresses the Reviewers’ comments to the previous version of the deliverable (Deliverable D2.6), included in the second review report. In order to address these comments, additional updates of Deliverable D2.7 include: (i) links to specific user/stakeholder requirements (D2.5), (ii) descriptions and implementation details for the two remaining pilot Use Cases (Sofia and London) and (iii) reference to EOSC and to the role of the Conceptual Model & Reference Architecture document for the identification of the relevant services and of their providers, and description of the onboarding process based on Deliverable D3.4 [22].This deliverable is submitted to the EC, not yet approved