The main objective of the MEDUSA project is to design a methodology for analysing risks to critical infrastructure (CI), associated with the identification and assessment of the “cascading effects” on the supply chain in ports around the world. This project will assess how they affect the vulnerability of and threaten other sectors and infrastructure in terms of port security. In this context, the main role of EUROPHAR is to identify the specifications, needs and requirements of the different stakeholders that interact with ports, such as port authorities, operators, shipping companies, customs, ship owners, etc., in order to prevent any kind of risk and/or threat to ports as result of the interdependence CI and the interaction of different entities in the supply chain.
The MEDUSA project aims to address the abovementioned shortcoming regarding the failure to account for “cascading effects”. To that end, it introduces, specifies and validates multi-order dependency approaches to risk assessment, applying them in the scope of the risk assessment frameworks for port CI. MEDUSA thus opens new horizons in port protection, producing and sharing knowledge associated with identifying and assessing cascading effects on the supply chain in ports around the world. It is aimed not only at predicting possible problems, but also at minimizing the consequences of various different security incidents.
MEDUSA is motivated by the limitations of the risk assessment methodologies applied to port CI (as acknowledged in the first ENISA report on maritime cyber security). These limitations relate to the treatment of multi-order dependencies, including the dependencies that cross borders and into different infrastructure sectors.
Said methodologies do not adequately account for the cascading effects associated with a potential vulnerability, which limits the scope and effectiveness of the protection and resilience of CI in Europe.
Therefore, this gap must be addressed at European level, especially bearing in mind that MEDUSA tackles cross-border inter-sectoral scenarios that transcend national infrastructures and involve stakeholders from many different countries.
Centred around the topic of the cascading effects of threats to port infrastructure protection, the project has addressed the following issues:
- Modelling threats, external infrastructures and their interactions with port CI,
- Presentation of effective, high-performance algorithms for managing multi-order dependencies,
- Definition of multi-order dependency diagrams and game theory graphics in order to estimate the effect of a service interruption on port infrastructures,
- Drawing up best practices for integrating the approach into the most advanced risk-assessment methodologies,
- Validation of the approach in relation to pragmatic port protection scenarios with cascading effects.
To address these issues, the project has set the following objectives:
- Identify, document, and model the key dependencies of all the entities that interact with port CI.
- Create and validate effective algorithms to identify multi-order dependencies among port infrastructures, other CIs, and supply chain agents (e.g., in port operations).
- Specify, test and validate predictive mechanisms that enable an assessment of the potential impact of security incidents on port infrastructure, taking into account their various mutual dependencies. The mechanisms should account for the probability of the various incidents, as well as their impact on port CI.
- Provide tools and techniques to determine the critical path of interdependencies in the global supply chain.
- Provide an ICT tool to display the interdependencies, critical paths, criticality levels and probabilities on the basis of risk assessment techniques and mechanisms.
- Obtain, document and disseminate best practices, action plans and policy guidelines related to the mitigation of cascading effects on port security.