11 research outputs found

    An Adaptive Supply Chain Cyber Risk Management Methodology

    Maritime information infrastructures have developed to highly interrelated cyber ecosystems, where ports as well as their partners are connected in dynamic Information and Communication Technology (ICT)-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape. Hence, attacks on a seemingly isolated system of one business partner may propagate through the whole supply chain, causing cascading effects and resulting in large-scale impacts. In this article, we want to present a novel risk management methodology to assess the risk level of an entire maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. This leads to a constantly updated risk evaluation of each business partner’s cyber assets together with their cyber interconnections with other business partners. The presented risk management methodology is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. Furthermore, it enables a holistic view on all of the integrated ICT-systems as well as their interdependencies and thus can increase the security level of both a whole supply chain and every participating business partner

    STORM - Collaborative Security Management Environment

    Part 9: Security and Trust. International audience. Security Management is a necessary process in order to obtain an accurate security policy for Information and Communication Systems (ICS). Organizations spend a lot of money and time to implement their security policy. Existing risk assessment, business continuity and security management tools are unable to meet the growing needs of the current, distributed, complex IS and their critical data and services. Identifying these weaknesses and exploiting advanced open-source technologies and interactive software tools, we propose a secure, collaborative environment (STORM) for the security management of ICSs.

    Swarm Intelligence Based Multi-Agent Communication Model for Securing Healthcare Ecosystem

    The healthcare ecosystem is complex by its inherent nature, which consists of a heterogeneous set of actors, entities, and sub-systems to deliver multidisciplinary and collaborative health services. The increased use of connected medical devices makes such an ecosystem more vulnerable and increases the cyber-attack surface. Traditional security methods are insufficient to deal with such a high degree of interconnected medical and IoT devices. There is a need for security approaches based on concepts of collaboration, cooperation, autonomy and dynamism to ensure timely security of the whole healthcare ecosystem. This work adopts swarm-based principles with multi-agent systems to meet collaboration, distribution and robustness requirements, thus improving the healthcare ecosystem’s security. The paper presents a swarm-based agent-to-agent communication model founded on the collaboration among primary and supervisor agents to acquire new knowledge related to the healthcare ecosystem. The proposed model is based on the direct collaboration between primary agents that provides supervisor agents with local security-related information and the indirect collaboration between supervisor agents that exchange stigmergic information through the environment to make a collectively informed decision. The communication model is implemented using the BDI (Belief-Desire-Intention) approach. The preliminary results show the communication model’s robustness, scalability and responsiveness for securing the healthcare ecosystem

    An adaptive supply chain cyber risk management methodology

    Maritime information infrastructures have developed to highly interrelated cyber ecosystems, where ports as well as their partners are connected in dynamic Information and Communication Technology (ICT)-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape. Hence, attacks on a seemingly isolated system of one business partner may propagate through the whole supply chain, causing cascading effects and resulting in large-scale impacts. In this article, we want to present a novel risk management methodology to assess the risk level of an entire maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. This leads to a constantly updated risk evaluation of each business partner’s cyber assets together with their cyber interconnections with other business partners. The presented risk management methodology is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. Furthermore, it enables a holistic view on all of the integrated ICT-systems as well as their interdependencies and thus can increase the security level of both a whole supply chain and every participating business partner

    Deliverable D7.2 - Stakeholders’ Evaluation

    This deliverable details the evaluation of the stakeholders involved in the pilot user operations of the MITIGATE system. It is produced based on tasks T7.2, namely the Users’ and Stakeholders’ evaluation and the questionnaires specified in T7.1 and D7.1, which dealt with the evaluation methodology. In the following, the observations, recommendations and comments collected by the different pilot sites during their test events are summarized, presented and analyzed. This is followed by an evaluation that was carried out among the attendees of the pilot user tests. Both evaluations resulted in many and partly the same valuable recommendations and suggestions and this feedback was successfully passed on to the developers to improve the system. This has resulted in several beta releases

    Deliverable D7.5 - Best Practices for Replicability and Wider Use

    Despite the importance of Critical Information Infrastructures (CIIs) and dynamic ICT‐based maritime supply chains (SCs) for port operations, state‐of‐the‐art Risk Management (RM) methodologies for maritime environments pay limited attention to cyber‐security and do not adequately address security processes for international SCs. Motivated by these limitations, MITIGATE will introduce, integrate, validate and commercialize a novel RM system, which will empower stakeholders’ collaboration for the identification, assessment and mitigation of risks associated with cyber‐security assets and SC processes. This collaborative system will boost transparency in risk handling, while enabling the generation of unique evidence about risk assessment and mitigation. At the heart of the RM system will be an open simulation environment enabling stakeholders to simulate risks and evaluate risk mitigation actions. This environment will allow users to model, design, execute and analyze attack‐oriented simulations. Emphasis will be paid on the estimation of cascading effects in SCs, as well as on the prediction of future risks. MITIGATE will be compliant with prominent security standards and regulations for the maritime sector (i.e. ISO27000, ISO28000, ISPS). The MITIGATE system will be built based on readily available technologies of the partners, which will enable the project to produce a mature (high‐TRL) system at an optimal value‐for‐money. The system will be validated based on real‐life pilot operations across five EU ports (Bremen, Piraeus, Valencia, Ravenna, Livorno) with the active participation of over 500 users (security officers, terminal operators, facility operators, standardization experts and more). Also, the project’s approach will be contributed as a blueprint to the NIS public‐private platform. Finally, significant effort will be devoted to the commercialization of the MITIGATE system based on pragmatic business plans and market launch actions

    Deliverable D7.4 - Repositories of Empirical Knowledge

    This deliverable corresponds to the repositories of simulation scenarios, risk models, assurance models and more. The deliverable reflects the outcomes of task T7.4. “Repositories of threats, countermeasures and simulated scenarios”

    Deliverable D6.2 - External Pilot Operations

    The main MITIGATE scope is to provide an innovative Maritime Security System, which integrates an effective, collaborative, standards‐based (i.e. ISO27001, ISO28000) Risk Management services’ platform for Maritime Organizations and Critical Infrastructures (i.e. ports). Specifically, it enables Maritime Organizations to manage their security in a holistic, integrated and cost‐effective manner, while at the same time producing and sharing knowledge associated with the identification, assessment and quantification of cascading effects from their Supply Chain (SC). Since the first stable version of the MITIGATE system is already up and running, it has been presented to all involved Business Partners and the training material of all types (online help, videos, etc.) is already prepared, the consortium prepared all pilot sites to first involve their internal users. The main objective of deliverable D6.2 is to present the results of the MITIGATE pilot’s operations with external pilot users, and their organization, considering the pilot scenarios specified in WP2 and WP5 and the training processes performed in WP5.

    Deliverable D8.5 - Report on Dissemination and Communication Activities (Final Iteration)

    The scope of this deliverable is to report the dissemination activities performed during the entire project lifecycle and their alignment with the Dissemination and Communication plan described in D8.1. The dissemination activities are reported in distinct categories and their impact on the project progress is analysed in a qualitative and quantitative way. The present deliverable constitutes the second iteration of D8.2 Report on Dissemination and Communication Activities, as it was submitted in 2017.