- Visitas: 5527
The main goal of the two year CYSM project is to substantially enhance the protection of the ports' CIIs, on the basis of a holistic approach, which takes into account their dual cyber-physical view.
- Analyse the whole spectrum of ports' CIIs threats (physical and cyber), direct (from physical and cyber assets of the ports) and indirect (from interacting entities and other CIIs), identify their dependencies, correlations, diffusion and impact levels.
- Provide a dynamic risk management methodology (CYSM-RM) for the ports' CII considering their physical-cyber nature. This should rely on modeling and group decision making techniques using the collective knowledge of all users, estimating and rolling up risks across diverse target types, attack modes, and geographic levels. It will evaluate physical and cyber risks against the requirements specified in the ISPS Code (physical) and ISO27001 (cyber).
- Develop a collaborative security management system (CYSM system) enabling ports' CII operators to: Model physical and cyber assets and interdependencies; Analyze and manage internal/external/interdependent physical and cyber threats/vulnerabilities; Evaluate/manage risks (using CYSM-RM); Build crisis scenarios and prevention approaches assuring a minimum availability for the critical port services and procedures during emergency mode of operation; Forecast and monitor attacks, direct and indirect threats and their impact on operations and service provisioning; Automatically generate and update security docs (e.g., threats/counter measures/crisis scenarios/prevention mechanisms/ security policies/disaster recovery plans); Increase collaboration among ports' CII participants towards sharing security/safety/maritime knowledge (standards/legislation/best practices/ guidelines) and enabling collaborative resolution of issues.