Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Dr. Spyridon Papastergiou University of Piraeus (Greece)–Dept. of Informatics Multidimensional,

Published byBenedict Payne Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Dr. Spyridon Papastergiou University of Piraeus (Greece)–Dept. of Informatics Multidimensional,"— Presentation transcript:

1 1 Dr. Spyridon Papastergiou University of Piraeus (Greece)–Dept. of Informatics paps@unipi.gr http://athina.cs.unipi.gr/security-lab/ Multidimensional, integrated, risk assessment framework & dynamic, collaborative risk management tools for critical information infrastructures – MITIGATE Project

2 Maritime Sector

3 Maritime Ecosystem

4 Maritime Cyber Crime Related Activities

5 Risk Management Approaches The Risk Management Approaches are not appropriate for dealing with the distributed and interconnected nature of the dynamic ICT based maritime supply chains:  pay limited attention to Critical Information Infrastructures (CIIs). They tend to ignore the complex nature of the ICT systems and assets used in the maritime sector (e.g., SCADA), along with their interrelationships.  do not adequately take into account security processes associated with international supply chains. Need for rethinking risk management in the maritime sector, towards properly addressing the role of port CIIs and their impact on maritime supply chains.

6 MITIGATE Objectives Goal of MITIGATE is to realize a radical shift in risk management methodologies for the maritime sector towards a dynamic evidence- driven Maritime Supply Chain Risk Assessment (g-MSRA) approach that alleviates the limitations of state-of-the-art risk management frameworks. The project will develop an effective, collaborative, standards-based Risk Management (RM) system for port’s CIIs, which shall consider all threats arising from the global supply chain, including threats associated with portCIIs interdependencies and associated cascading effects.

7 Mitigate: Maritime SC Dynamic Risk Assessment System

8 CYSM MEDUSAMITIGATE AreaCYSMMedusaMITIGATE Scope & Context- Boundaries Protection of Port facilities (a targeted risk management methodology for ports’ CII.) Protection of the port supply chain (a methodological approach for the identification of multi-order dependencies of security incidents and risks, in the scope of multi-sector cross- border scenarios) Enhances CYSM & Medusa towards protecting the cyber port facilities in the scope of interacting supply chains (a Dynamic evidence-driven Maritime Supply Chain Risk Assessment model) Threats Landscape Internal (organization-wise) threats SC threat scenarios address in specific Medusa SC Services Dynamic threats scenarios and specific cyber attacks/threats paths and patterns arising from the whole maritime SC Impact Analysis Model Impact (cost, legal, technical…) of internal threats in terms of availability confidentiality, integrity Impact analysis of the static threat scenarios applied in the specific Medusa SC Services Enhances CYSM & Medusa: Impact analysis of dynamic threat scenarios applied in the whole maritime SC Counter measures Countermeasures for reducing ports’ risks Countermeasures for minimizing the consequences in the specific Medusa SC Services Dynamic selection of countermeasures for reducing the whole supply chains’ dynamic risks and threats Cartography capabilities Identification and representation of the ports’ architectural structure. Introduces algorithms for identifying multi-order dependencies between entities involved in specific Medusa SC Services Enhances CYSM & Medusa: Develop dynamic algorithms and techniques for capturing and analyzing multi-order dependencies in the global supply chain.

9 CYSM MEDUSAMITIGATE AreaCYSMMedusaMITIGATE Risk Analysis A straightforward approach that relies only on the ports’ users knowledge. Assesses security incidents and risks, in the scope specific Medusa SC Services A dynamic, rigorous, rational approach that produces high quality scientific and experimental based proofs and findings (e.g. simulation results, indicators, recommendations). Risk Computation al model A multi–criteria group decision making model (a set of criteria and parameters as well as the opinion of various users’ groups with different vision angle) Game and graph theory-based approaches and techniques to minimize the consequences of cascading effects in specific Medusa SC Services Simulation models (based on game theory and graph theory techniques) combined with a multi– criteria group decision making approach in order to produce timely, accurate, objective and high quality evidence, information and indicators. Standards Compliance ISO27001, 27005, ISPS (protection of the ports’ facilities) Support for ISO28000. Security standards such as ISO27001, 27005, ISPS, ISO2800, ISO28001 (protection of the maritime ICT-based maritime supply chain) Predictive and forecasting capabilities A predefined list of threats associated with ports’ ICT and physical infrastructures. A predefined list of threats associated with specific Medusa SC Services Simulation models and processes for the representation and prediction of the possible attacks/threats paths and patterns. Risk Assessment (RA) tool A set of interactive and collaborative technologies. A set of visualization tools and techniques to model and simulate specific Medusa SC Services Adaptation of a number of risk management components developed in CYSM/MEDUSA; Incorporates a set of ICT technologies (semantic web technologies, cloud computing, BigData, crowd-sourcing technologies)

10 MITIGATE Consortium PartnerRole Fraunhofer Gesellschaft zur Förderung der angewandten Forschung e.V. (Fraunhofer) Project Coordinator/ Research Institute University of Piraeus Research Center (UPRC) Technical & Scientific Coordinator Austrian Institute of Technology (AIT) Research Institute Maggioli Spa (MAGG) Industrial Organizations SingularLogic Romania Computer Applications S.R.L (SiLO) Industrial Organizations Instituto Portuario de Estudios y Cooperación de la Comunidad Valenciana (FEPORTS) Research Institute University of Brighton (UB) Research Institute Piraeus Port Authority (PPA) Pilot/Stakeholders in Maritime Supply Chain Fondazione Accademia Italiana della Marina Mercantile (IMSSEA) Pilot/Stakeholders in Maritime Supply Chain La Fundación de la Comunidad Valenciana para la Investigación, Promoción y Estudios Comerciales de Valenciaport (VPORT) Pilot/Stakeholders in Maritime Supply Chain Port of Ravenna Authority (PRA) Pilot/Stakeholders in Maritime Supply Chain DBH Logistics IT AG (DBH) Pilot/Stakeholders in Maritime Supply Chain

11 Conclusions Mitigate targets to contribute to the effective protection of the ICT maritime supply chain by treating the resolution of the ICT maritime supply chain risks as a dynamic experimental environment that can be optimised involving all relevant maritime actors. Mitigate objective is to promote a more dynamic, rigorous, rational approach that gathers, critically appraises and uses high quality research evidence to enhance the risk assessment process.

12 Mykonos-GR

Download ppt "1 Dr. Spyridon Papastergiou University of Piraeus (Greece)–Dept. of Informatics Multidimensional,"

Similar presentations

1 www.vita.virginia.gov IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1, 2013 www.vita.virginia.gov.

1 IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1,
J. David Tàbara Institute of Environmental Science and Technology Autonomous University of Barcelona Integrated Climate Governance.

J. David Tàbara Institute of Environmental Science and Technology Autonomous University of Barcelona Integrated Climate Governance.
A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,

A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,
Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.

Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.
Crisis management related research at Information Technology for Security Department Crisis management related research at Information Technology for Security.

Crisis management related research at Information Technology for Security Department Crisis management related research at Information Technology for Security.
Logistics 10 February 2012, Brussels Transport E-Freight Conference 2012 ICT for transport logistics in a White Paper context: Paperless multimodal freight.

Logistics 10 February 2012, Brussels Transport E-Freight Conference 2012 ICT for transport logistics in a White Paper context: Paperless multimodal freight.
Evidence based policy making Seminar FP7 Work Programme 2011-2012 2 December 2010, Paris, Université Paris Dauphine Maria Geronymaki DG INFSO.H.2 ICT for.

Evidence based policy making Seminar FP7 Work Programme December 2010, Paris, Université Paris Dauphine Maria Geronymaki DG INFSO.H.2 ICT for.
Nick Wainwright HP Labs / Effectsplus project. The report of a consultation of the Future Internet Assembly – a cross disciplinary assembly of researchers.

Nick Wainwright HP Labs / Effectsplus project. The report of a consultation of the Future Internet Assembly – a cross disciplinary assembly of researchers.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Getting Smarter with Information An Information Agenda Approach

Getting Smarter with Information An Information Agenda Approach
Adaptive Processes Simpler, Faster, Better 1 Adaptive Processes Understanding Information Security ISO 17799 / BS7799.

Adaptive Processes Simpler, Faster, Better 1 Adaptive Processes Understanding Information Security ISO / BS7799.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
A Research Agenda for Accelerating Adoption of Emerging Technologies in Complex Edge-to-Enterprise Systems Jay Ramanathan Rajiv Ramnath Co-Directors,

A Research Agenda for Accelerating Adoption of Emerging Technologies in Complex Edge-to-Enterprise Systems Jay Ramanathan Rajiv Ramnath Co-Directors,
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
The Climate Prediction Project Global Climate Information for Regional Adaptation and Decision-Making in the 21 st Century.

The Climate Prediction Project Global Climate Information for Regional Adaptation and Decision-Making in the 21 st Century.
Protect critical information with a smart information-based-risk management strategy. Prepared by: Firas Mohamed Taher.

Protect critical information with a smart information-based-risk management strategy. Prepared by: Firas Mohamed Taher.
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.

INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

Similar presentations

Ads by Google