1 Dr. Spyridon Papastergiou University of Piraeus (Greece)–Dept. of Informatics Multidimensional,

Presentation transcript:

Dr. Spyridon Papastergiou, University of Piraeus (Greece) – Dept. of Informatics

Multidimensional, integrated, risk assessment framework & dynamic, collaborative risk management tools for critical information infrastructures – MITIGATE Project

Maritime Sector

Maritime Ecosystem

Maritime Cyber Crime Related Activities

Risk Management Approaches

Current risk management approaches are not appropriate for dealing with the distributed and interconnected nature of the dynamic ICT-based maritime supply chains. They:

- pay limited attention to Critical Information Infrastructures (CIIs). They tend to ignore the complex nature of the ICT systems and assets used in the maritime sector (e.g., SCADA), along with their interrelationships.
- do not adequately take into account security processes associated with international supply chains.

Risk management in the maritime sector needs rethinking, so that it properly addresses the role of port CIIs and their impact on maritime supply chains.

MITIGATE Objectives

The goal of MITIGATE is to realize a radical shift in risk management methodologies for the maritime sector towards a dynamic evidence-driven Maritime Supply Chain Risk Assessment (g-MSRA) approach that alleviates the limitations of state-of-the-art risk management frameworks. The project will develop an effective, collaborative, standards-based Risk Management (RM) system for ports' CIIs, which shall consider all threats arising from the global supply chain, including threats associated with port CII interdependencies and associated cascading effects.

Mitigate: Maritime SC Dynamic Risk Assessment System

CYSM MEDUSA MITIGATE

| Area | CYSM | Medusa | MITIGATE |
|---|---|---|---|
| Scope & Context-Boundaries | Protection of port facilities (a targeted risk management methodology for ports' CII). | Protection of the port supply chain (a methodological approach for the identification of multi-order dependencies of security incidents and risks, in the scope of multi-sector cross-border scenarios). | Enhances CYSM & Medusa towards protecting the cyber port facilities in the scope of interacting supply chains (a dynamic evidence-driven Maritime Supply Chain Risk Assessment model). |
| Threats Landscape | Internal (organization-wise) threats. | SC threat scenarios addressed in specific Medusa SC Services. | Dynamic threat scenarios and specific cyber attack/threat paths and patterns arising from the whole maritime SC. |
| Impact Analysis Model | Impact (cost, legal, technical…) of internal threats in terms of availability, confidentiality, integrity. | Impact analysis of the static threat scenarios applied in the specific Medusa SC Services. | Enhances CYSM & Medusa: impact analysis of dynamic threat scenarios applied in the whole maritime SC. |
| Countermeasures | Countermeasures for reducing ports' risks. | Countermeasures for minimizing the consequences in the specific Medusa SC Services. | Dynamic selection of countermeasures for reducing the whole supply chains' dynamic risks and threats. |
| Cartography capabilities | Identification and representation of the ports' architectural structure. | Introduces algorithms for identifying multi-order dependencies between entities involved in specific Medusa SC Services. | Enhances CYSM & Medusa: develops dynamic algorithms and techniques for capturing and analyzing multi-order dependencies in the global supply chain. |

CYSM MEDUSA MITIGATE

| Area | CYSM | Medusa | MITIGATE |
|---|---|---|---|
| Risk Analysis | A straightforward approach that relies only on the ports' users' knowledge. | Assesses security incidents and risks, in the scope of specific Medusa SC Services. | A dynamic, rigorous, rational approach that produces high quality scientific and experimental based proofs and findings (e.g. simulation results, indicators, recommendations). |
| Risk Computational model | A multi-criteria group decision making model (a set of criteria and parameters as well as the opinion of various users' groups with different vision angle). | Game and graph theory-based approaches and techniques to minimize the consequences of cascading effects in specific Medusa SC Services. | Simulation models (based on game theory and graph theory techniques) combined with a multi-criteria group decision making approach in order to produce timely, accurate, objective and high quality evidence, information and indicators. |
| Standards Compliance | ISO27001, 27005, ISPS (protection of the ports' facilities). | Support for ISO Security standards such as ISO27001, 27005, ISPS, ISO2800, ISO28001 (protection of the maritime ICT-based maritime supply chain). | |
| Predictive and forecasting capabilities | A predefined list of threats associated with ports' ICT and physical infrastructures. | A predefined list of threats associated with specific Medusa SC Services. | Simulation models and processes for the representation and prediction of the possible attack/threat paths and patterns. |
| Risk Assessment (RA) tool | A set of interactive and collaborative technologies. | A set of visualization tools and techniques to model and simulate specific Medusa SC Services. | Adaptation of a number of risk management components developed in CYSM/MEDUSA; incorporates a set of ICT technologies (semantic web technologies, cloud computing, BigData, crowd-sourcing technologies). |

MITIGATE Consortium

| Partner | Role |
|---|---|
| Fraunhofer Gesellschaft zur Förderung der angewandten Forschung e.V. (Fraunhofer) | Project Coordinator / Research Institute |
| University of Piraeus Research Center (UPRC) | Technical & Scientific Coordinator |
| Austrian Institute of Technology (AIT) | Research Institute |
| Maggioli Spa (MAGG) | Industrial Organizations |
| SingularLogic Romania Computer Applications S.R.L (SiLO) | Industrial Organizations |
| Instituto Portuario de Estudios y Cooperación de la Comunidad Valenciana (FEPORTS) | Research Institute |
| University of Brighton (UB) | Research Institute |
| Piraeus Port Authority (PPA) | Pilot/Stakeholders in Maritime Supply Chain |
| Fondazione Accademia Italiana della Marina Mercantile (IMSSEA) | Pilot/Stakeholders in Maritime Supply Chain |
| La Fundación de la Comunidad Valenciana para la Investigación, Promoción y Estudios Comerciales de Valenciaport (VPORT) | Pilot/Stakeholders in Maritime Supply Chain |
| Port of Ravenna Authority (PRA) | Pilot/Stakeholders in Maritime Supply Chain |
| DBH Logistics IT AG (DBH) | Pilot/Stakeholders in Maritime Supply Chain |

Conclusions

MITIGATE aims to contribute to the effective protection of the ICT maritime supply chain by treating the resolution of the ICT maritime supply chain risks as a dynamic experimental environment that can be optimised involving all relevant maritime actors. MITIGATE's objective is to promote a more dynamic, rigorous, rational approach that gathers, critically appraises and uses high quality research evidence to enhance the risk assessment process.

Mykonos-GR