How port security has to evolve to address the cyber-physical security threat: Lessons from the SAURON project
Free (open access)
Volume 4 (2020), Issue 1
29 - 41
N.P.H. Adams, R.J. Chisnall, C. Pickering & S. Schauer
Ports are organisationally complex critical infrastructures that have to deliver reliable movement of goods and the safe transport of people. The EU is concerned that there is an increasing number of cases where ports have been subject to combined attacks on their IT and physical infrastructure for criminal gain or other malign purposes. The European Commission has funded the SAURON project (Scalable multidimensionAl sitUation awaReness sOlution for protectiNg European Ports) to help protect European ports from a physical, cyber or a combined cyber-physical attack. The aim of this paper is to provide guidance on how port security needs to evolve to respond to the cyber-physical security threat, drawing on concepts developed in SAURON. This paper reviews the current port security approaches and the cyber-physical security threat and then assesses how new systems and technologies under development, including SAURON technologies, may help to reduce port vulnerabilities. For example, to detect combined attacks on port infrastructure in the physical and cyber domains and identify the cascading effects of an incident in both domains to enable effective countermeasures, the SAURON hybrid situational awareness tool incorporates inputs from the physical and cyber domains and analyses their interdependencies. The goal is that once a physical and/or cyber threat is detected, the potential consequences including cascading effects in both planes will be automatically shown to decision-makers in order to give them integrated situational awareness of what is happening and how the situation could evolve, thus supporting decision-making. The benefits of such approaches are described. Security technologies need to be complemented by effective security processes operated by personnel with appropriate training: the paper uses results of a table-top exercise supported by analysis of port user requirements to identify the importance of multidisciplinary training in combatting complex combined cyber-physical security threats.
port security, cyber security, physical security, cyber-physical security, situational awareness, training.