The maritime sector is critical in terms of economic activities and commercial impact not only for the European society but more importantly for the Mediterranean EU Member States, especially under the current economic turmoil. Commercial ports are the main gateways and face increased requirements, responsibilities and needs in view of a secure and sustainable maritime digital environment. Therefore, they have to rely on complicated and advanced facilities, ICT infrastructure and trustworthy e-maritime services in order to optimize their operations. Commercial Ports are characterized by a dual "cyber"/"physical" attribute: their physical attributes are related with the port infrastructure (including facilities, buildings, platforms, gates, marinas, data centers) while their cyber attributes are related to their ICT Systems (including networks, ICT hardware equipment, Port Community Systems, services, data, users, procedures, access control/ authentication of users and cargo). Existing maritime security standards concentrate on the protection of the physical nature (safety) of the ports ignoring their cyber-nature, leaving the ports unprotected.
CYSM aims at alleviating this gap on the basis of a holistic approach that addresses the security of the dual nature of ports' Critical Information Infrastructures (CIIs). In particular, CYSM will provide a targeted risk management methodology (CYSM-RM) that relies on modeling and group decision making techniques using the collective knowledge of all users, estimating and rolling up risks (physical and cyber) across diverse target types, attack modes, and geographic levels. The CYSM-RM will be implemented through a collaborative security management system (CYSM system) enabling ports' operators to: (a) model physical and cyber assets and interdependencies; (b) analyze and manage internal/external/interdependent physical and cyber threats/vulnerabilities; and (c) evaluate/manage physical and cyber risks against the requirements specified in the ISPS Code and ISO27001. The CYSM system will be validated by four main Mediterranean ports, Port of Valencia, Piraeus Port Authority, Port of Carrara and Port-of-Mykonos.
In this context, CYSM contributes to the enhancement of the collaboration between European port stakeholders towards a practical, user-friendly and harmonized approach to security management of the physical and cyber nature of the ports' CIIs.