The Challenge
The traditional security controls and security assurance arguments are becoming increasingly inefficient in supporting the emerging needs and applications of the multimodal transport systems, allowing threats and security incidents to disturb all dimensions of transportation. Therefore, the enormous potential of the multimodal ecosystem, namely a more efficient transportation, which lies on the extent to which it globally remains cyber-secure, is becoming vulnerable.
The Proposed Solution
CitySCAPE puts the multi-modal transport ecosystem under the microscope while also considering its interplay with related critical NIS Directive sectors (energy, banking). It introduces innovative risk analysis techniques and orchestrates a number of software solutions to realize an interoperable toolkit that seamlessly integrates to any multimodal transport system. It allows the collaborative analysis of security/privacy persistent threats, forecasts cyber-security incidents, counteracts at highly-possible cyber-attack entry-points, assesses the impact in both technical and financial terms and finally, provides informative notifications to CERT/CSIRT. The proposed solution will be validated in regional-level pilots (in Tallinn, Estonia and Genoa, Italy) over a timely set of use-cases carefully selected by the end-users (i.e., transport operators). The findings will steer training sessions of expert/non-expert audience and shape the standardization contribution to security (labelling) protocols.
Objectives
- Enhance cybersecurity technologies in the multimodal passenger transportation ecosystem at city-level addressing users and data privacy concerns.
- Introduce risk analysis tools to identify threats and their propagation mechanism focusing on transport/digital infrastructure but also relevant in other NIS Directive critical sectors and assess the impact of a potential cyber-attack.
- Improve the proactive approach of handling cybersecurity challenges and actively contribute to the predictability of threats in (regional) multimodal transport systems
- Enhance end-user engagement towards the definition and provision of multimodal passenger transport requirements about digital security, privacy and personal data protection.
- Further strengthen the role of CERTs/CSIRTs by providing them with direct/real-time informative notifications about observed cybersecurity incidents and facilitate the collaborative investigation of incidents in line with the NIS Directive.
- Significantly contribute to multimodal transport standards and gain experimental evidence on the feasibility of security labelling in city-level multimodal transport.
- Showcase and validate the CitySCAPE solution efficiency in large scale pilot demonstrators involving all relevant entities and digital infrastructure of transport providers, under use cases of interest
- Analyse and outreach the multimodal transport security market to maximize the CitySCAPE footprint and exploitation.
Expected Impact
- CitySCAPE will offer the concrete technical basis for a unique opportunity of an efficient collaborative threat investigation among a broad set of CERTs/CSIRTs by introducing a platform capable of sharing information coming from different sources and therefore achieve the maximization of the CSIRT network added value; this helps realize the NIS Directive benefits and caters for future relevant legislation.
- CitySCAPE toolkit capabilities, relying on solid risk-analysis theoretical work and innovative online platforms for CSIRT collaborative incident investigation, will allow an accurate identification of so-far under-explored/hidden privacy risks serving the in-depth application of privacy-by-default principle and GDPR regulation in all city-level transportation stakeholders.
- With broad applicability over the whole spectrum of city-level transport cybersecurity challenges, CitySCAPE will introduce and validate an agile concept of a standalone interoperable solution to manage current cybersecurity/privacy risks across complex interconnected infrastructures, envisioning the concept’s broad adoption in the design of cybersecurity solutions, even beyond the city-level transport domain.
- A prominent CitySCAPE output will relate to the estimation of the cyber-attack impact on both technology and financial terms (of tangible/’non-tangible’ assets) that will drive a cost-benefit analysis on potential further investments to cybersecurity and privacy countermeasures; transport providers can take informed decisions and better protect their infrastructure and reputation due to CitySCAPE
- The CitySCAPE toolkit, backed-up by a solid vulnerability analysis, will be enabled to identify and track the potential path of a cyber-attack across the whole multimodal transport chain showcasing how a cyber-attack may unexpectedly affect modules that are not directly connected to its entry point; awareness of transport providers will therefore be raised.
- Beyond typical information sharing, the CitySCAPE capability of collaborative threat investigation will immediately strengthen the CERTs/CSIRTs link to the transportation stakeholders while the CitySCAPE dedicated security assurance framework will gradually reinforce trust links between transport actors.
- CitySCAPE will promote best practices in cybersecurity management solutions to the multimodal transport community and through training of security experts will seek to communicate their value and thus, increase their acceptance; similar messages will be transmitted to (public) transport authorities to shape security governance of transport organizations.
- CitySCAPE will leverage the standardization contributions and its training sessions as effective means to leverage the fast adoption of the cybersecurity and privacy best practises in the transport domain.
- CitySCAPE standardization will fill the gap in security labelling showcasing the solid basis of a mature EU market and rendering the compliance to standards a clear (future) path for commercial growth.