The CYRENE demonstration event for the first pilot was on 10 February 2023. The scenario defined for this pilot is based on the port of Valencia processes, so the event was held in the port. In addition, it was broadcast online.
Virtual attendance to the pilot was possible through an online tool, to which port interested stakeholders and external people were able to connect using Teams. The recorded event can be found here.
The event started with a short overview of the CYRENE project and the CYRENE architecture description, for attendees who did not know the project. Then, the pilot scenario and infrastructure were presented, in order to easily understand the live demonstration (the scenario is explained in detail in the following sections). Finally, we performed the pilot execution and a fruitful Q&A session.
During the Q&A session and after the event, all the observers attending the pilot were asked to complete a questionnaire in which they identified the most interesting advantages of the CYRENE results and their user experience. The result of this questionnaire will be included in D6.3.
During the promotion of the event, there were 30 registered stakeholders. Finally, 17 participants attended the demonstration in their presence, and the other 16 were connected online.
Watch the Valencia Pilot Event on YouTube
The Pilot Demo Scenario
The Port pilot scenario is focused on the maritime transport processes that support the Vehicle Transport Service (VTS) from Italy to Spain. In the Port pilot, the port of Valencia is the entity that seeks an assessment of the ICT processes and ICT assets of the VTS. In this context, the port of Valencia is designated by all VTS business partners via a Security Declaration and application Statement (SDA) to act as the administrator of the VTS and have full access to all the information provided in the CYRENE platform that concerns the SCS environment placing the role of the Supply Chain Service Provider (SCS-P), according to the CYRENE RCA methodology.
The scenario that was demonstrated during the Port pilot is based on SCS processes operated by the Port Community System (PCS) of the port of Valencia, which is used to exchange information among different SCS involved in the VTS port call requests.
Based on the pilot architecture, the scenario was defined to demonstrate the CYRENE main results including the platform and the RCA methodology. The scenario is the following:
An attacker aims to access the PCS server, a critical SCS asset that participates in the port calls-related supply chain service process of the VTS in order to shut down the port service and disrupt the port calls service.
- The credentials of a PCS technician are published on the Dark Web, and it is available to the attackers
- CYRENE platform detects the credentials publication through the Deep and Dark Web Crawler & Data Mining Service
- The attacker uses the credentials to access the PCS server
- An IP rule in Intrusion Detection System (IDS) detects the access
- The security staff analyses the vulnerabilities in their systems through the CYRENE’s Dynamic Vulnerability Assessment and Testing System (DVATS)
- The attacker stops the docker service to disrupt the port calls services
- The service downtime is detected by EVERES which supports the CYRENE’s Data Protection and Management Layer
- The VTS-P uses the CYRENE platform to conduct Risk Assessment on the SCS assets involved in the VTS process and requests from the Customs user, Terminal Operator, and Ship Agent (who interact with the compromised PCS asset for the VTS process execution) to participate in the risk and conformity assessment procedures, in order to review and explore the security of their cyber-dependent assets (presented above)
Feel free to provide your feedback by filing the questionnaire :
Stay tuned for our next live pilot demo event on June.
Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Duration: 36 months
Participating organisations: 14
Number of countries: 10
This project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.