11 research outputs found
An Adaptive Supply Chain Cyber Risk Management Methodology
Maritime information infrastructures have developed to highly interrelated cyber ecosystems, where ports as well as their partners are connected in dynamic Information and Communication Technology (ICT)-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape. Hence, attacks on a seemingly isolated system of one business partner may propagate through the whole supply chain, causing cascading effects and resulting in large-scale impacts. In this article, we want to present a novel risk management methodology to assess the risk level of an entire maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. This leads to a constantly updated risk evaluation of each business partner's cyber assets together with their cyber interconnections with other business partners. The presented risk management methodology is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. Furthermore, it enables a holistic view on all of the integrated ICT-systems as well as their interdependencies and thus can increase the security level of both a whole supply chain and every participating business partner
STORM - Collaborative Security Management Environment
Part 9: Security and Trust. International audience. Security Management is a necessary process in order to obtain an accurate security policy for Information and Communication Systems (ICS). Organizations spend a lot of money and time to implement their security policy. Existing risk assessment, business continuity and security management tools are unable to meet the growing needs of the current, distributed, complex IS and their critical data and services. Identifying these weaknesses and exploiting advanced open-source technologies and interactive software tools, we propose a secure, collaborative environment (STORM) for the security management of ICS's
Swarm Intelligence Based Multi-Agent Communication Model for Securing Healthcare Ecosystem
The healthcare ecosystem is complex by its inherent nature, which consists of a heterogeneous set of actors, entities, and sub-systems to deliver multidisciplinary and collaborative health services. The increased use of connected medical devices makes such an ecosystem more vulnerable and increases the cyber-attack surface. Traditional security methods are insufficient to deal with such a high degree of interconnected medical and IoT devices. There is a need for security approaches based on concepts of collaboration, cooperation, autonomy and dynamism to ensure timely security of the whole healthcare ecosystem. This work adopts swarm-based principles with multi-agent systems to meet collaboration, distribution and robustness requirements, thus improving the healthcare ecosystem's security. The paper presents a swarm-based agent-to-agent communication model founded on the collaboration among primary and supervisor agents to acquire new knowledge related to the healthcare ecosystem. The proposed model is based on the direct collaboration between primary agents that provides supervisor agents with local security-related information and the indirect collaboration between supervisor agents that exchange stigmergic information through the environment to make a collectively informed decision. The communication model is implemented using the BDI (Belief-Desire-Intention) approach. The preliminary results show the communication model's robustness, scalability and responsiveness for securing the healthcare ecosystem
An adaptive supply chain cyber risk management methodology
Maritime information infrastructures have developed to highly interrelated cyber ecosystems, where ports as well as their partners are connected in dynamic Information and Communication Technology (ICT)-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape. Hence, attacks on a seemingly isolated system of one business partner may propagate through the whole supply chain, causing cascading effects and resulting in large-scale impacts. In this article, we want to present a novel risk management methodology to assess the risk level of an entire maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. This leads to a constantly updated risk evaluation of each business partner's cyber assets together with their cyber interconnections with other business partners. The presented risk management methodology is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. Furthermore, it enables a holistic view on all of the integrated ICT-systems as well as their interdependencies and thus can increase the security level of both a whole supply chain and every participating business partner
Deliverable D7.2 - Stakeholders' Evaluation
This deliverable details the evaluation of the stakeholders involved in the pilot user operations of the MITIGATE system. It is produced based on tasks T7.2, namely the Users' and Stakeholders' evaluation and the questionnaires specified in T7.1 and D7.1, which dealt with the evaluation methodology. In the following, the observations, recommendations and comments collected by the different pilot sites during their test events are summarized, presented and analyzed. This is followed by an evaluation that was carried out among the attendees of the pilot user tests. Both evaluations resulted in many and partly the same valuable recommendations and suggestions and this feedback was successfully passed on to the developers to improve the system. This has resulted in several beta releases
Deliverable D7.5 - Best Practices for Replicability and Wider Use
Despite the importance of Critical Information Infrastructures (CIIs) and dynamic ICT-based maritime supply chains (SCs) for port operations, state-of-the-art Risk Management (RM) methodologies for maritime environments pay limited attention to cyber-security and do not adequately address security processes for international SCs. Motivated by these limitations, MITIGATE will introduce, integrate, validate and commercialize a novel RM system, which will empower stakeholders' collaboration for the identification, assessment and mitigation of risks associated with cyber-security assets and SC processes. This collaborative system will boost transparency in risk handling, while enabling the generation of unique evidence about risk assessment and mitigation. At the heart of the RM system will be an open simulation environment enabling stakeholders to simulate risks and evaluate risk mitigation actions. This environment will allow users to model, design, execute and analyze attack-oriented simulations. Emphasis will be paid on the estimation of cascading effects in SCs, as well as on the prediction of future risks. MITIGATE will be compliant with prominent security standards and regulations for the maritime sector (i.e. ISO27000, ISO28000, ISPS). The MITIGATE system will be built based on readily available technologies of the partners, which will enable the project to produce a mature (high-TRL) system at an optimal value-for-money. The system will be validated based on real-life pilot operations across five EU ports (Bremen, Piraeus, Valencia, Ravenna, Livorno) with the active participation of over 500 users (security officers, terminal operators, facility operators, standardization experts and more). Also, the project's approach will be contributed as a blueprint to the NIS public-private platform. Finally, significant effort will be devoted to the commercialization of the MITIGATE system based on pragmatic business plans and market launch actions
Deliverable D7.4 - Repositories of Empirical Knowledge
This deliverable corresponds to the repositories of simulation scenarios, risk models, assurance models and more. The deliverable reflects the outcomes of task T7.4. "Repositories of threats, countermeasures and simulated scenarios"
Deliverable D6.3 - Best Practices for Replicability and Wider Use
This deliverable details the evaluation methodology of the MITIGATE project. It is produced based on tasks T2.2 and T7.1
Deliverable D6.2 - External Pilot Operations
The main MITIGATE scope is to provide an innovative Maritime Security System, which integrates an effective, collaborative, standards-based (i.e. ISO27001, ISO28000) Risk Management services' platform for Maritime Organizations and Critical Infrastructures (i.e. ports). Specifically, it enables Maritime Organizations to manage their security in a holistic, integrated and cost-effective manner, while at the same time producing and sharing knowledge associated with the identification, assessment and quantification of cascading effects from their Supply Chain (SC). Since the first stable version of the MITIGATE system is already up and running, it has been presented to all involved Business Partners and the training material of all types (online help, videos, etc.) is already prepared, the consortium prepared all pilot sites to first involve their internal users. The main objective of deliverable D6.2 is to present the results of the MITIGATE pilot's operations with external pilot users, and their organization, considering the pilot scenarios specified in WP2 and WP5 and the training processes performed in WP5
Deliverable D8.5 - Report on Dissemination and Communication Activities (Final Iteration)
The scope of this deliverable is to report the dissemination activities performed during the entire project lifecycle and their alignment with the Dissemination and Communication plan described in D8.1. The dissemination activities are reported in distinct categories and their impact on the project progress is analysed in a qualitative and quantitative way. The present deliverable constitutes the second iteration of D8.2 Report on Dissemination and Communication Activities, as it was submitted in 2017