MITIGATE

Until recently, regulations on cyber security for ports and the maritime supply chain did not exist. However, cyber criminals have not only succeeded in shutting down or infecting software and hardware infrastructures, but also in diverting or mis-leading cargoes, ships and terminal equipment. The MITIGATE project has resulted in a risk management system specifically designed for the special needs of users of information infrastructures in the maritime supply chain.

Experts expect that the increasing networking of digital assets and Maritime 4.0 solutions will enable easier and more effective cyber attacks. A global study of risk experts ranked cyber incidents as the third highest business risk worldwide for all industries and expects it to be the highest business risk in the future. This is why maritime organisations, classification societies and international administrations are setting standards to prevent the emergence and spread of cyber incidents. The risk assessment module of the MITIGATE system takes all these requirements into account

MITIGATE System

MITIGATE offers a dynamic risk management system for all actors of the maritime supply chain to protect it from cyber-criminal activities.

The first ENISA (European Union Agency for Network and Information Security) report on cyber maritime security (2011) concludes that awareness on cyber security needs in the maritime sector is currently low to non-existent and highlights the challenges of managing the inter-dependencies between information and communication technology (ICT) systems and other port assets.

As a result, most of the actors involved in the maritime supply chain use varied and non-standard practices to guarantee the credibility and the effectiveness of the full system development life cycle including design/development, acquisition of custom or commercial off-the-shelf products, delivery, integration, operations, and disposal/retirement.

The acronym MITIGATE stands for Multidimensional, integrated, risk assessment framework and dynamic, collaborative Risk Management tools for critical information infrastructures.

The existing risk management approaches are not appropriate for dealing with the distributed and interconnected nature of the dynamic information and communication technology based maritime supply chains. A first non-representative inquiry within the MITIGATE project revealed that almost two out of three of the interviewed persons have not yet undertaken risk assessments of their own IT-Infrastructure.

They stated that the most important IT-Cyber Assets are the internal computer networks (among 50 to 60%), databases and operative applications (in each case 65 to 75%). To close this gap, MITIGATE aims to develop an effective, collaborative, standards-based Risk Management system for port’s Critical Information Infrastructures (CIIs). The system will consider all threats arising from the global supply chain, including threats associated with port CIIs interdependencies and associated cascading effects.

Project timeframe

The project ran from 1 September 2015 to 28 February 2018.

This is a collaborative research project co-funded by the European Commissions under its biggest Research and Innovation program Horizon 2020.

The total funding was €3.1m and the budget €3.6m

Blue EU flag with circle of yellow stars

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement number 653212.

Picture of the earth with curved horizon and light rising about it with HORIZON 2020 above.

Project aims

Integration of a novel risk management system

Despite the importance of CIIs and dynamic information and communication technology (ICT)-based maritime supply chains (SCs) for port operations, state-of-the-art RM methodologies for maritime environments pay limited attention to cyber-security and do not adequately address security processes for international SCs.

Motivated by these limitations, MITIGATE will introduce, integrate, validate and commercialise a novel RM system, which will empower stakeholders’ collaboration for the identification, assessment and mitigation of risks associated with cybersecurity assets and SC processes. This collaborative system will boost transparency in risk handling, while enabling the generation of unique evidence about risk assessment and mitigation. At the heart of the RM system will be an open simulation environment enabling stakeholders to simulate risks and evaluate risk mitigation actions. This environment will allow users to model, design, execute and analyse attack-oriented simulations.

Project findings and impact

The project partners have created a software environment in which companies in the maritime supply chain can carry out a self-test of the hardware and software assets they use. This solution provides all companies and organisations in the maritime supply chain an easy-to-use, and, at the same time, effective risk management system that enables them to achieve timely detection of cyber threats.

MITIGATE introduced, integrated and validated a novel dynamic risk management framework, which significantly enhanced state-of-the-art approaches (at national and international level) in the direction of addressing maritime supply chain security processes and their cascading effects.

Build on a collaborative evidence based approach

MITIGATE was built on a collaborative evidence based approach, which facilitated the production of simulated scenarios and security assurance models. The latter enabled the credible estimation of risk factors and their inherent risk, as well as threats, vulnerability and controlled risks, thereby enabling the calculation of residual risk. The later reflected the risk factors following the applications of contingency measures indicated as part of conventional sector specific and national approaches.

Implementation and validation

MITIGATE was implemented and validated in the scope of port security and associated maritime contexts. The validation has had a transnational character and directly involved five prominent EU ports, thereby boosting the harmonisation of national approaches to the security of maritime supply chains. The project also produced a range of best practices and guidelines for the adaptation of the approach in other contexts and critical infrastructures.

Inclusion of governance toolkit

MITIGATE includes a governance toolkit, which deals with the adaptation of the project’s system across different ports and maritime settings. As part of this toolkit, the project considers the implication of legislation in the modelling, assessment and evaluation of risks. Note also that MITIGATE will empower collaborative, evidence-based and iterative risk assessment processes, during which stakeholders will be able to identify gaps and challenges associated with the applicable legal frameworks.

The identification of these gaps could later lead to suggested changes in the legal framework, which is also reflected in the best practices and guidelines to be produced in the project and contributed to the NIS public-private platform. Note that the MITIGATE pilots across five EU ports has facilitated the identification of legal gaps for security in maritime supply chains, as well as their remedy.

MITIGATE at national and European events

The MITIGATE tool was presented at international fairs, scientific conferences, workshops and numerous other technical and business meetings. These included the transport logistics 2017 in Munch, the ARES-Conference 2017 in Reggio Calabria and at the Security and Safety at the EU ports 2018 Conference in Piraeus.

Picture of a lighthouse with MITIGATE written below.

Download our pdf, MITIGATE Project Results 2018.

Research team

Professor Haris Mouratidis

Dr Evangelos Rekleitis

Dr Michalis Pavlidis

Output

Download the MITIGATE final results brochure

Partners

The Mitigate consortium comprises 12 partners with scientific and industrial background from Austria, Germany, Great Britain, Greece, Italy, Romania and Spain. The project is coordinated by Fraunhofer CML. The technical coordination is done by the University of Pireaus, Research Center.