NATO Maritime Interdiction Operational Training Centre

Issue 14 1st Issue 2017 ISSN: 2242-441X nmiotc Maritime Interdiction Operations Journal TRAINING CENTRE TRAINING NATO MARITIME INTERDICTION OPERATIONAL MARITIME INTERDICTION NATO

1 NATO Maritime Interdiction Operational Training Centre

2nd Conference on Cyber Security

“Maritime Cyber Security and Cyber Defense: NATO-EU cooperation implementing the outcomeS of the Warsaw Summit. Recent international evolutions in the environment.” 21st to 22nd September 2017

2 C O N T E N T S nmiotc COMMANDANT'S EDITORIAL MARITIME INTERDICTION Editorial by Georgios Tsogkas OPERATIONS Commodore GRC (N) JOURNAL 4 Commadant NMIOTC

MARITIME SECURITY Director Commodore G. Tsogkas GRC (N) Operation Sea Guardian - The NATO Maritime Security Operation in the Mediiterranean Sea Commandant NMIOTC 6 by Captain Corrado Campana ITA (N)

Toward a Comprehensive Approach to Addressing. Transnational Executive Director Threats in the Mediterranean Captain C. Campana ITA (N) 8 by Mr Christopher Kremidas Director of Training Support

CYBER SECURITY Editor Maritime Cyberpower Projection Lt Commander G. Tzevelekis GRC (N) 15 by Mr Adrian Venables Head of Transformation Section

Layout Production ENERGY INFRASTRUCTURES SECURITY CPO E. Miskou GRC (N) Journal Assistant Editor

Holistic Protection of Critical Infrastructures. Resilience and protection of dependncies between Greek Critical Infrastructures. by George Stergiopoulos, Dimitris Gritzalis, Panayotis Kotzanikolaou, 29 Manos Margkos and Georgia Lykou

TECHNOLOGICAL ISSUES The views expressed in this Securing Maritime Logistics and Supply Chain : The Medusa and issue reflect the opinions of MITIGATE approaches. the authors, and do not nec- 42 by Dr. Spyridon Papastergiou and Associate Professor Nineta Polemi essarily represent NMIOTC's or NATO’s official positions.

HIGH VISIBILITY EVENTS All content is subject to Greek Copyright Legislation. Pictures used from the web VIP visitors to NMIOTC 49 are not subject to copyright restrictions. NMIOTC TRAINING You may send your comments to: tzevelekisg@nmiotc.nato.int 52 Photos from NMIOTC Training Activities

3 NMIOTC Commandant’s Editorial

The world continues to face a serious ance’s regional understanding and sit- It is anticipated that the Warsaw / Brus- threat from terrorism – a global threat uational awareness, its capabilities for sels Summit outcomes would call for that knows no border, nationality or re- expeditionary operations and its ability enhanced training opportunities along ligion. NATO Heads of State and Gov- to project stability in its neighborhood. with our partners providing security. ernment stated at Warsaw, “terrorism This is exactly why NMIOTC is more has risen to an unprecedented level of Maritime environment is character- relevant than ever. In its capacity as intensity, reaches into all Allied terri- ized by complexity and diversity. The a NETF, awarded by ACT with a Qual- tory and now represents an immediate oceans are an increasingly accessible ity Assurance Accreditation, focused and direct threat to our nations and the environment for transnational criminal on the maritime environment, offers international community”. and terrorist activities. Disruption of education and training opportunities to international maritime transportation Allies and Partners. NATO is as essential as ever. At this and distribution networks would un- pivotal time, the Alliance is strong dermine equally the industrial produc- With Operation Sea Guardian and EU and continues to adapt. This was the tion and the flow of energy sources, Operation Sophia under which the de- core of NATO’s Summit in Brussels in thus it will have a significant impact in mand for training of the Lybian authori- late May. NATO’s Framework for the our security and at the welfare of our ties is increasing, the emphasis on South focuses on improving the Alli- populations. partner capacity building and the es-

4 tablishment of the Hub for the South at closer co-operation with international As a conclusion, I would like to an- JFC Naples, the request for NMIOTC stakeholders to address the secu- nounce with great pleasure, the 2nd expertise and services to serve as the rity challenges. Adrian Venables, PhD NMIOTC Cyber Conference which will Trainer for the Hub in the South at both Student at Lancaster University and be held at our premises (Souda Bay JFC Naples and MARCOM disposal, Commander UK RN (reserve), on his – Crete) from 21st to 22nd September can only grow. article “Maritime Cyberpower Projec- 2017, with theme “Maritime Cyber Se- tion” investigates the unexplored area curity and Cyber Defense: NATO-EU Having said that and referring to this of how cyberspace can be used to cooperation implementing the out- journal, I wish to draw your attention influence a target population. Senior come of the NATO Warsaw Summit. to the fact that it presents articles fo- Researcher George Stergiopoulos Recent international evolutions in the cused on current and future challeng- and Professor Dimitris Gritzalis, deals environment”. es to maritime security. In particular; with the “Holistic Protection of Critical Infrastructure” a subject of high impor- Given the opportunity, please mark In the lead article, Mr. Christopher tance for the welfare of each country. your calendars for the 9th NMIOTC Kremidas US European Command Finally, Dr Spyridon Papastergiou and Annual Conference from 5th to 7th Liaison to NATO and EU, on his pa- Associate Professor Nineta Polemi, at June 2018 with the main topic to de per “Toward a Comprehensive Ap- their paper explore the risks and vul- determined and announced in due proach to Addressing – Transnational nerabilities of the Maritime Logistics time. Threats in the Mediterranean” draws and Supply Chain presenting two Eu- upon building a comprehensive ap- ropean research projects. proach culture within NATO, enabling

Georgios Tsogkas Commodore GRC (N) Commadant NMIOTC

5 MARITIME SECURITY

Operation Sea Guardian The NATO Maritime Security Operation in the Mediterranean Sea by Corrado Campana Captain ITA (N)

The NATO Operation Sea Guardian Operation Sea Guardian (OSG) controlling and boarding merchant vessels started in November 2016 as a result of stitutes the first actual activation of in the Mediterranean for more than a the July 2016 Warsaw Summit, during one of the tasks assigned to NATO’s decade, has provided the Alliance with which the Alliance decided to launch maritime forces by the Alliance Mari- a strong expertise in the deterrence a new maritime security mission in time Strategy (AMS) of March 2011, and prevention of maritime terrorist the Mediterranean Sea. As reported the Maritime Security Operations, and and criminal activities, and this profi- in the Warsaw Summit Communiqué: directly derives from its predecessor ciency is exploited by OSG as it con- “We have transitioned Operation Ac- Operation Active Endeavour (OAE), tinues with the efforts of OAE, but with tive Endeavour, our Article 5 maritime which was launched after the events a significantly broader scope. operation in the Mediterranean, which of September 11 with the purpose to As mentioned in the “Operation Sea has contributed to fight against terror- deter and disrupt terrorist activity in the Guardian Factsheet” of the Allied ism, to a non-Article 5 Maritime Secu- Mediterranean Sea. Maritime Command: “Operation Sea rity Operation, Operation Sea Guard- The broad and long-lasting experience Guardian is a standing Maritime Se- ian, able to perform the full range of gained by OAE, with NATO Standing curity Operation (MSO) aimed at work- Maritime Security Operation tasks, as Naval Forces ensuring presence, col- ing with Mediterranean stakeholders needed”. lecting information, monitoring, con- to deter and counter terrorism amd

6 MARITIME SECURITY

mitigate the risk of other threats to se- to the implementation of the arms em- allocated to OSG are separated by the curity”. In this context, the three main bargo in the high seas off the coast of assets (ships, submarines and mari- missions of OSG are to provide mari- Libya in accordance with the UNSCR time patrol aircrafts) that compose, on time situational awareness, to counter 2292 (2016). a rotational basis, the NATO Stand- terrorism and human trafficking, and The NATO involvement in tackling the ing Naval Forces. This characteristic to contribute to the regional capacity worst migration crisis since the Sec- allows OSG to keep the focus on its building, while additional tasks – such ond World War and, more in general, main tasks without being committed to as countering the proliferations of in securing the Mediterranean Sea, the responsibilities of the NATO Re- Weapons of Mass Destruction (WMD), can be considered as a remarkable sponse Force (NRF). ensuring the freedom of navigation accomplishment for the Alliance, as The launch of OSG represents the first and protection of maritime critical in- it demonstrates its willingness and real implementation of the NATO-EU frastructure – can be performed as readiness to take action to cope with Joint Declaration and, while accom- necessary. a challenge affecting the Allies, and plishing the task of crisis management Further to a Joint Declaration signed also because it proves the capability to in the Mediterranean Sea, it promotes by the NATO Secretary General, the make the Allied Maritime Strategy op- the dialogue in the region and im- President of European Council and the erational. Indeed, with the Operation proves the cooperative maritime se- President of European Commission in Sea Guardian in the Mediterranean curity ensuring presence and surveil- July 2016, OSG also cooperates with Sea NATO is not only implementing lance. the European Union Naval Force (EU- the AMS, but also – for the first time The efforts to address the migrants NAVFOR) MED Operation Sophia. In since its approval in 2011 – executing and arms smuggling, to fight the mari- the Joint Declaration, it was recog- the full spectrum of Maritime Security time terrorism and, in broader terms, nized that “a stronger NATO and a operations. to contribute to maritime security and stronger EU are mutually reinforcing”, Within the framework of the AMS, Op- stability in the Mediterranean Sea, are and with this in mind NATO contributes eration Sea Guardian is an updated performed by NATO in the full aware- to the activities of Operation Sophia in version of the precedent Operation ness that the security in Europe can the Mediterranean Sea with the provi- Active Endeavour, with a broader only be granted by ensuring stability in sion of information, surveillance and scope and mission, though a relevant this strategic Sea and in the region of logistic support, while also contributing change from OAE is that the resources Middle East and North Africa.

Captain Corrado Campana Attended the Italian Naval Academy from 1987 until 1991, when he was commissioned as Ensign. He has achieved the qualification in Naval Artillery and Missile Systems and the specialization in Naval Weapons Direction. He served onboard several Italian Navy ships such as the frigates Libeccio and Maestrale and the destroyers Ardito and Luigi Durand de la Penne, and was appointed as Commanding Officer of the auxiliary ship Ponza and of the frigate Granatiere. He served in international staffs such as the Force HQ of the Multinational Force and Observers (M.F.O.) in El-Gorah (Sinai, Egypt) as Naval Advisor, and the EU Naval Force OHQ in Northwood (UK) as ACOS CJ3 Operations within the anti-piracy Operation ATALANTA. He served in national staffs such as the Command in Chief of the Italian Fleet as Head of the Artillery and Missile Systems Section, the Command of Italian Maritime Forces in Taranto as ACOS N3 Operations and at the Italian Joint Operations HQ in Rome, as Head of Maritime Operations Section (J3). He attended the Italian Joint War College and the Course in International Humanitarian Law at the Centre for Defence High Studies in Rome and also served as Tutor for the attendees. Captain Campana has achieved the Degree in Maritime and Naval Science at the University of Pisa, the Degree in Political Science at the University of Trieste, and the Master in International and Military-strategic Studies at the L.U.I.S.S. University “Guido Carli” in Rome. Since the 1st August 2013 he is appointed at the NATO Maritime Interdiction Operational Training Centre in Souda Bay, Crete, Greece as Director of the Training Support and Transformation Directorate.

7 MARITIME SECURITY

Toward a Comprehensive Approach to Addressing Transnational Threats in the Mediterranean

by Mr. Christopher Kremidas US European Command Liaison to NATO and the EU

Abstract by the current security environment violence and humanitarian disasters include instability in fragile and fail- has led NATO to adopt the Compre- In recent years the challenges posed ing states and the resulting cycles of hensive Approach to improve coor-

8 MARITIME SECURITY

dination among international actors. a number of tasks required to bring ers endorsed an Action Plan for the At the same time, some of the most stability to a failed state while simul- development and implementation of prevalent challenges facing the Euro- taneously addressing the impact of NATO’s contribution to a Comprehen- Atlantic community today are transna- transnational threats, some of which sive Approach. tional threats such as organized crime, seek to take advantage of a vacuum At the Lisbon Summit in November terrorism, illicit trafficking in humans, in governance. 2010 and in its new Strategic Concept, drugs, and weapons and weapons, the Alliance “…decided to enhance cyber crime, and the possibly destabi- 2. The Comprehensive NATO’s contribution to a comprehen- lizing challenge of irregular migration. Approach sive approach to crisis management as Within this context, the Euro-Atlantic part of the international community’s community should take a more proac- The Comprehensive Approach (CA) effort and to improve NATO’s ability tive approach to employing the Com- is a way to achieve a common un- to deliver stabilization and reconstruc- prehensive Approach, starting with derstanding and approach among all tion effects”. To support this decision, addressing transnational threats in actors of the International Community NATO agreed to form a modest civilian the Mediterranean before they reach through the coordination and de‐con- capability to interface more effectively the crisis stage. At the same time, fliction of political, development and with other actors and conduct appro- building a Comprehensive Approach security efforts in solving an interna- priate planning in crisis management. culture within NATO and in conjunc- tional crisis. The effective implementation of a tion with other international actors will The requirement to work with partners comprehensive approach requires all help to transform its relationships with and the nature of these new chal- actors to work together with a shared the and enable closer cooperation and lenges have made operations increas- sense of responsibility and openness, collaboration in addressing common ingly complex, requiring a closer level taking into account and respecting security challenges. of coordination and collaboration. On each other’s strengths, mandates and the ground, partners generally find a roles, not to mention their decision- 1. Introduction way to work together successfully but making autonomy. In other words, the at the operational and strategic levels, Comprehensive Approach is not hier- In recent years the challenges posed coordination has been characterized archical but rather it is a collaborative by the current security environment by a lack of understanding and insuf- effort among equals. include instability in fragile and fail- ficient awareness and coordination of NATO’s experience from operations, ing states and the resulting cycles of each other’s planning. A strategic and including Afghanistan and in address- violence and humanitarian disasters. operational level process was needed ing piracy, has demonstrated that More recently, we have also seen the to build coherency and the answer has managing complex conflicts and cri- impact of spillover from these fragile been the Comprehensive Approach, ses requires a wide range of internal and failing states. In some cases, which focuses on building a shared and external actors, including govern- these effects have been serious understanding of the problem, devel- ments, civil society, the private sector enough to impact and endanger previ- oping a shared overarching vision of and international agencies, to work to- ously stable states. At the same time, the solution and facilitating coordina- gether in a coherent and coordinated some of the most prevalent challenges tion of effort while respecting the in- effort. In a Comprehensive Approach, facing the Euro-Atlantic community to- dividual mandates of multiple entities. the military can provide a secure space day are transnational threats such as NATO heads of state and government to enable other actors to address im- organized crime, terrorism, illicit traf- recognized the need for a Compre- mediate humanitarian needs and the ficking in humans, drugs, and weap- hensive Approach when it tasked the root causes of the problems. ons and weapons, cyber crime, and North Atlantic Council to develop prag- Given the requirement to include civil the possibly destabilizing challenge of matic proposals for it during the Riga society, nongovernmental organiza- irregular migration. Summit in November 2006. In 2008, tions (NGO), and private enterprise In some cases, we can be dealing with at the Bucharest Summit, Allied lead- - no single organization or nation can

9 MARITIME SECURITY

conduct an effective Comprehensive 3.1 Since 2014, Russia’s use of and continuity of governance in the Approach by itself. This large number broad-spectrum tactics to splinter Eu- face of hybrid threats. At the same of actors and the complexity involved rope’s ability for collective action has time, both documents call for greater in coordinating actions are particularly been given a name; hybrid warfare. NATO-EU cooperation in addressing challenging from the perspective of the The concept of hybrid warfare is the hybrid threats and the staffs of both Comprehensive Approach (CA). Ac- mix of conventional and unconven- organizations have worked together to tors can vary from local governmental tional, military and non-military, overt agree upon a number of areas where officials and parties in the conflict to and covert actions employed in a co- they can focus their cooperative ef- private sector entities and local NGOs. ordinated manner to achieve specific forts. The variety of international actors in- objectives while remaining below the 3.5 As we can see, both NATO and cludes other international organiza- threshold of a formally declared war- the EU are proactively applying some tions and NGOs, humanitarian actors, fare. (but not all) of the principles of the donor governments and representa- 3.2 Hybrid Warfare targets critical Comprehensive Approach as they ad- tives of the private sector. vulnerabilities and seeks to create dress the challenges of hybrid warfare. The risk of not working together ambiguity in order to hinder swift and But even this method is not sufficient through a Comprehensive Approach is effective decision-making. There are in dealing with the broader challenge to have our efforts result in fragment- a wide range of measures applied as of transnational threats on NATO’s ed and inconsistent programs and part of a hybrid campaign; from cyber southern flank nor does it address root policies, which can duplicate efforts attacks on critical information sys- causes. Thus, the work that remains leading to inefficient spending and a tems, through the disruption of critical to be done is for the Comprehensive reduced capacity for delivering results. services, such as energy supplies or Approach to be applied to the chal- At the same time, a failure to work to- financial services, to undermining pub- lenge of Transnational Threats in the gether to address the often linked con- lic trust in government institutions or south, especially in the Mediterranean ditions of underlying causes can force exploiting social vulnerabilities. While Region. us to start over again and again, much the concept of hybrid warfare is not like Sisyphus endlessly trying to push new, its application by Russia, and to a 4. Transnational Threats: A the rock up the hill. lesser extent by Daesh, against NATO Challenge to Governance member states’ interests has present- 3. Toward a Proactive Appli- ed a new challenge to the Alliance. Transnational threats are commonly cation of The Comprehensive 3.3 In response, NATO finds itself at defined as threats such as organized Approach a transformative juncture once again. crime; terrorism, illicit trafficking in Post-2014 NATO has adopted the humans, drugs, and weapons, cyber Since its inception, the Comprehen- Readiness Action Plan (RAP) as a crime, and the destabilizing challenge sive Approach has been applied in means of responding rapidly to new of irregular migration. In the Mediter- the aftermath of emergency situations threats as they present themselves ranean, this broad group of threats can where international actors found them- along the eastern and southern flanks. also take the form of proliferation of selves thrust together by necessity – in 3.4 More recently, NATO adopted a weapons of mass destruction (WMD), other words, we’ve used it only when Hybrid Warfare Strategy in December cyber attacks targeting the commercial reacting to security challenges. Given 2015 and the European Union adopt- shipping and port security sector, nat- the two main challenges facing the ed its Joint Framework for Addressing ural and manmade disasters, illegal, alliance today: hybrid warfare threats Hybrid Threats in April 2016. Both irregular and unreported (IUU) fish- from the east and transnational threats documents speak to taking a proac- ing and environmental pollution. The from the south, a more proactive ap- tive “whole-of-government” approach three aspects most discussed current- plication of the Comprehensive Ap- in conjunction with a variety of actors ly are transnational organized crime, proach is urgently needed. in order to improve resiliency, security, terrorism, and irregular migration.

10 MARITIME SECURITY

4.1 Transnational organized crime re- nate their activities. In addition and been to erect stronger immigration fers to self-sustaining groups that oper- unlike organized crime groups, ter- barriers that affect both regular and ir- ate transnationally to obtain power, in- rorists also require sophisticated stra- regular migrants as well as refugees. fluence, and commercial gains, wholly tegic communications capacities in These policies have a number of un- or in part by illegal means. They also order to gain the maximum impact for intended consequences such as in- protect their activities through corrup- their actions. creasing illicit entries, causing them to tion and/or violence, while exploiting Terrorists also present a challenge attempt riskier methods to gain entry, and creating gaps and seams in the to governance in that they stress the and fostering the growth of sophisti- framework of transnational commerce, system to respond which can lead to cated criminal trafficking networks. communications, and financial mecha- harsh measures, disrupted economic At the same time, irregular migration is nisms. activity and reduced freedom of move- seen as more than just a humanitarian Increasingly, their illicit activities ment for citizens – all of which can concern. One danger is the potential across borders and communities not drive a wedge between the people and of terrorists exploiting illicit crossings only adversely impact security and their government. to facilitate their operational aims. economic health but also contribute to 4.3 Irregular migration is a complex Two possible forms come to mind: an illicit underworld operated by pow- erful criminal networks that can present a challenge to governance. These illicit criminal organizations pose an immediate threat to public trust and weaken governance since unlike legitimate business, they require a system of impunity that gives them the freedom of action to conduct their illicit activities. In building, maintaining, and growing this system of impunity they corrupt government officials, computer systems, financial institutions, and deny governments the ability to maintain their sovereign borders and exclusive economic zones. This in turn weakens their ability to collect taxes and customs fees to fund their government’s activities. problem because it presents a wide using migrants as a cover to secretly It is important to note the challenge to variety of human security, law enforce- enter Europe and taxing smugglers to governance is not just a threat to trou- ment, development, and governance access departure points under militant bled states but to our own as well. As challenges in dealing not just with the control as a means of raising money. criminal networks’ influence spreads symptoms but also the root causes. outward, it brings corruption with it – This issue can also be a sensitive 5. Applying the Comprehen- even into currently well-governed na- problem internally when absorbing sive Approach to addressing tions. large irregular migrant flows. Transnational Threats in the 4.2 Terrorists require and use the In many cases, these arrivals are Mediterranean same financial and transportation viewed as unwelcome and a potential pathways and system of impunity to threat to national identity, unity, and So, what would a Comprehensive Ap- move people, weapons, and coordi- stability. The typical response has proach in the Mediterranean look like?

11 MARITIME SECURITY

In order to know for certain, it would sive Approach in action. obligations and security constraints. require the actors to come together In this case, it is necessary to move Despite this seemingly large number to work through the stages of con- from a culture of “need to know” to one of obstacles to closer cooperation, ap- ducting a common assessment of the of the “duty to share “ information. This plying the Comprehensive Approach challenges, developing common ap- is the most effective way to build trust, to addressing transnational threats proaches to address them, and plan- enable coordinated action, ensure true can show us the areas where we can ning for coordinated actions among interagency cooperation, and facilitate work together to achieve our common nations and organizations. Until then, the production of common threat as- goal of security and stability in the there are some indications of what sessments. Mediterranean. their results may look like. While information sharing is gener- “Don’t Let What You Cannot Do Inter- In the last few years of facilitating in- ally viewed as essential in dealing with fere With What You Can Do” ~ John ternational discussions among law maritime threats, instituting a robust Wooden enforcement, diplomatic, military, intel- information fusion capability encom- ligence, and humanitarian actors on passing military, law enforcement, 6. Potential Areas For Fur- how to collectively address transna- and commercial sources can be a real ther Exploration tional threats in the Mediterranean, a challenge, few common themes emerge. This is due to the number of laws and 6.1 Situational awareness: Seeking 5.1 First, is the need for complemen- agencies involved and the reality that shared awareness and developing tarity, coordination and collaboration. many agencies are reluctant to re- a common understanding of evolv- Unilateral and/or partial responses lease real-time actionable information. ing threats through a continuous ex- are recognized not only as limited Often this stems from the inherent cul- change of information among actors in and short sighted but also as leading tural tension between entities involved the Mediterranean region. The Infor- to secondary effects which expose in interdiction (with a bias for immedi- mation Fusion Centre (IFC) in Singa- neighboring governments to a new ate action) and those responsible for pore is a good model for a non-hierar- array of challenges to their national investigations (whose concern is to chical multinational maritime security security. collect and protect evidence on an information fusion capability. Through 5.2 Secondly, it is general recognized entire network for successful criminal the timely sharing of information, it fa- that most all of the transnational threats prosecutions). cilitates timely and effective responses in the Mediterranean are of a law en- 5.4 Finally, reducing the tension be- from partners through linkages to 65 forcement nature and thought must be tween security concerns and human agencies in 35 countries, and with 16 given to how military capabilities can rights in this context is an area where International Liaison Officers (ILOs) support and amplify law enforcement the Comprehensive Approach can from 15 countries. The IFC also con- efforts while not crossing any legal help us to find common ground. In ducts capacity-building activities such boundaries which may prohibit military this case, a Comprehensive Approach as international information-sharing forces from directly conducting law could include contributions from ex- exercises and workshops, for exam- enforcement activities. Finding ways perts in Law of the Sea, maritime se- ple, the biennial Maritime Information to achieve this is necessary because curity, migration and refugee studies, Sharing Exercise (MARISX). no government can afford to purchase and human rights, to address the po- 6.2 Planning and Conduct of Op- these same capabilities twice. sition of migrants and refugees from erations: Enhance integrated civilian- 5.3 Thirdly, because of the large num- an integrated perspective. Through military-law enforcement planning ber of security-related agencies from the inclusion of these perspectives, throughout the planning process and more than a dozen countries operating we can develop an approach on how in operations in adjacent waters. in the Mediterranean, rapid and com- to respond to differing needs and legal FRONTEX’s European Patrols Net- prehensive information dissemination entitlements of migrants and refugees work (EPN) is an excellent example is necessary to enable a Comprehen- and how to reconcile them with State of how to accomplish this among sev-

12 MARITIME SECURITY

eral nations, ministries, and agencies. ber incident prevention, prediction, ing Group of regional actors must be The EPN is a permanent regional bor- detection, and response. The NATO convened at once to apply the process der security concept that enables the Cooperative Cyber Defence Centre of to the problem of both Transnational synchronization of national measures Excellence in Estonia can serve an im- Threats and threats from state actors of EU Member States and their inte- portant role in bridging the civ-mil gap in the Mediterranean Region. This gration to joint European activities. It in cyber security. group can provide a holistic assess- is based on Member States´ existing ment of the issues and make recom- activities and on strengthening of co- 7. Summary and Recommen- mendations for a common approach operation and coordination at national dations and enable the Alliance to develop and EU levels. its own strategy in concert with other 6.3 Lessons Learned, Training, and The Comprehensive Approach is now regional and international actors. A Exercises: Commonly collect and a recognized method to achieve a similar effort for the Black Sea region share lessons learned and best prac- common understanding and approach should also be considered. tices from putting the Comprehensive among various actors of the interna- 7.2 A More Proactive Use of the Com- Approach into action in the maritime tional community through the coordi- prehensive Approach. When major environment and incorporate them into nation and de‐confliction of political, international challenges arise, rather training and exercises. At the same development and security efforts in than waiting until the crisis stage is time, invite other actors to participate solving an international crisis. reached, a Comprehensive in exercises and training to strengthen Currently, both NATO and the EU Approach Working Group should be cooperation and mutual trust. With its are applying some principles of the convened at the problem recognition experience and connections to a wide Comprehensive Approach in their stage to provide a holistic assessment variety of maritime experts and actors, strategies to address the challenges of the issues and make recommenda- especially from years of addressing of hybrid warfare. But even this ap- tions for a common approach among counter-piracy and its more recent proach is not sufficient in dealing with regional and international actors. This emphasis on transnational threats, the broader challenge of transnational would also allow for the NATO Secre- the NATO Maritime Interdiction Op- threats on NATO’s southern flank tary General to provide a more com- erations Training Center (NMIOTC) since it does not address root causes prehensive strategic assessment to is uniquely suited to serve as a focal nor include the collaboration of a num- better frame the issues for SACEUR point for the Comprehensive Approach ber of entities to include private enter- when asking for military options and in the maritime environment. prise, NGOs, and civil society. advice to be provided to the North At- 6.4 Strategic Communications: Where Taking into account the increasing lantic Council. possible, share information strategies recognition of the Comprehensive 7.3 Build a Comprehensive Ap- and campaigns regularly to ensure Approach as an essential process to proach Culture. Sponsor and host complementarity and mutual reinforce- improving coordination among various Comprehensive Approach Awareness ment with other involved international actors in solving major security chal- Seminars at headquarters throughout organizations and local actors. lenges, the following recommenda- the NATO Command Structure and 6.5 Cyber Defense: Seek to build tions are offered. Centers of Excellence to engage and shared threat awareness and mutu- 7.1 A Comprehensive Approach for build habitual relationships with re- ally supportive improvements to resist the Mediterranean. On NATO’s south- gional actors to enable the Alliance to cyber attack. Enhance cyber informa- ern flank and in particular the Medi- enhance its readiness to put the Com- tion sharing of best practices at the terranean region, the Hybrid Warfare prehensive Approach into action at technical level – including on technical Strategy is insufficient to address the the strategic, operational, and tactical innovations, incident handling meth- variety of transnational threats since levels. This will enable a Comprehen- odologies, and secure configuration they are much broader in scope. Thus, sive Approach culture to take root at of networks in order to improve cy- a Comprehensive Approach Work- all levels within the Alliance and help

13 MARITIME SECURITY

to transform its relationships with other no longer seen just as a Civilian-Mili- resent the author’s personal opinion international actors. tary (CIMIC) or J9 function but rather and findings and not the official views 7.4 Move the Comprehensive Ap- one that is equally owned and sup- or policy of the United States govern- proach into the Mainstream. Finally, ported by operators, strategists, and ment. within NATO it is time to mainstream logisticians. the Comprehensive Approach so it is The views presented in this paper rep-

References European Commission (2016), Joint Framework on Countering Hybrid Threats. http://ec.europa.eu/DocsRoom/documents/16201 “Effective Cooperation: The Bedrock of Any Security Architecture” ADM (ret) P. Xinofotis, NMIOTC Journal, July 2013. http://www.nmiotc.nato.int/files/NMIOTCjournal7.pdf European Commission (2014). “Maritime Security Strategy”, http://ec.europa.eu/maritimeaffairs/policy/maritime-security/ index_en.htm Guptill, Murray “Sandy,” Course Designer, NATO Comprehensive Approach Awareness Seminar, Interviews Sept 2015-April 2016 NATO (2011), “Alliance Maritime Strategy”, http://www.nato.int/cps/en/natohq/official_texts_75615.htm NATO (2010), “NATO’s Strategic Concept 2010”, http://www.nato.int/nato_static_fl2014/assets/pdf/pdf_publica- tions/20120214_strategic-concept-2010-eng.pdf NATO Defense College (2011), NATO Comprehensive Approach Awareness Seminar, Course Guide

Christopher Kremidas Chris Kremidas currently serves as Liaison to NATO and the EU for US European Command (EUCOM). His previous positions include service as Political Advisor to the Commander, NATO Training Mission – Iraq and Assistant Political Advisor to Commander, Joint Forces Command Naples. He has also served as Chief Strategist for US Joint Task Force North, Policy Planner at the US Delegation to NATO, and as Deputy Defense Policy Advisor for the US Mission to the European Union (EU). Previ- ously he served as Regional Cooperation Manager for the Mediterra- nean region at the EUCOM Joint Interagency Counter-Trafficking Cen- ter (JICTC). He earned a master’s degree with honors in Strategic Studies from the Swiss Federal Institute of Technology (ETH Zurich) and a Bachelor of Arts in Political Science from Ball State University. He is also a distin- guished honor graduate of the NATO Defense College and a veteran of Operation Iraqi Freedom. Mr. Kremidas is a recognized expert on the NATO Comprehensive Approach and has published several articles on it as well as serving as facilitator and course designer for NATO Comprehensive Ap- proach seminars throughout Europe. Chris Kremidas is also a sought-after expert on multinational maritime border security cooperation and has facilitated numerous dialogues on information sharing, coordinated responses, and addressing irregular migration.

14 CYBER SECURITY

Maritime Cyberpower Projection

by Adrian Venables, PhD Student at Lancaster University, UK and Commander UK Royal Naval Reserve [email protected]

Abstract ighting arms as demonstrated by the ronments in the projection of seapow- use of amphibious troops, maritime er. This paper examines the as yet un- UK military doctrine recognises five op- aviation and the use of satellite de- explored area of how cyberspace can erating environments, Maritime, Land, rived communications and intelligence be used as a mechanism by which the Air, Space and Cyberspace. These are illustrating how naval forces can utilise maritime environment can generate not regarded as totally separate warf- the distinctive attributes of other envi- cyberpower to influence a target popu-

15 CYBER SECURITY

lation afloat or ashore. The maritime present additional unique challenges air forces to embark on expeditionary and cyber environments have many of operating at sea or in coastal re- operations as part of a coordinated similar characteristics such as their de- gions. The link between the maritime strategy to achieve their government’s pendence on manufactured resources and cyber environments is a subject strategic objectives. The maritime op- to exploit their potential and that their that is poorly researched, yet the erating environment is described in UK size prevents them from being under two have many similarities and have Ministry of Defence (MoD) doctrine as the total control of a single power, but mutual dependencies in their use for providing critical access for joint as- that temporary regional control is vital trade, communication and the projec- sets allowing influence in support of for trade, communication or to achieve tion of national power. Current doc- political objectives, the conduct of a an effect on an adversary’s behaviour. trinal definitions are explained and wide range of maritime security and By examining the components of cy- the two environments are compared international engagement and when berspace that are dependent upon leading to the introduction of the new necessary, the means to assemble the maritime environment, methods terms of Maritime Cyberpower and and apply decisive combat power at to identify the components that can Cyber Seapower. This is followed by a time and place of political choice.2 project the new concepts of maritime an examination of the composition of The Doctrine highlights that maritime cyberpower and cyber seapower are maritime cyberspace and its charac- power is not an end in itself, but op- explored with particular emphasis on teristics to show how they contribute erates within a wider national security addressing the potential cyber vulner- to security and the influence of others framework and that the environment abilities of ship systems. through power projection. The paper comprises six dimensions; Physical, concludes with methods to identify the Economic, Political, Diplomatic, Legal, Introduction components of maritime cyberspace in and Military. These are noted as being order to project maritime cyberpower interrelated and of equal importance The maritime operating environment and cyber seapower with particular although the physical element pro- is one of five recognised by UK Min- emphasis on the need to address the vides the overarching context for all istry of Defence (MoD) doctrine, the potential cyber vulnerabilities of ship and highlights its uniqueness.3 others being Land, Air, Space and systems. Cyberspace. This paper describes the Cyberpower and the maritime relationship between the maritime and Defining the maritime envi- environment cyber environments and introduces ronment \ the concept of maritime cyberspace The UK Ministry of Defence defines in terms of cyberpower projection. At the heart of any definition of the maritime power as the ability to proj- The nature of maritime power is an maritime environment is an accep- ect power at sea and from the sea to important one for states that are either tance of its critical importance to global influence the behaviour of people or dependent on the seas for trade or trade, security and as a source of fuel the course of events. 4 As such, it is security or wish to have an influence and food. With the growth of globalisa- coherent with other more general de- in the areas surrounding their coasts. tion, climate change and over popula- scriptions of the concept of power and Drawing on UK maritime doctrine, the tion resulting in unsustainable regional to achieve this maritime forces have a concept of power at sea and from the pressure on natural resources, this role number of unique attributes that they sea in terms of control and denial is is not going to diminish in the foresee- can exploit such as Access, Mobility, explained in which free access to ar- able future. Indeed, it is predicted that Lift Capacity, Sustained Reach, Versa- eas of the oceans are required to be a high proportion of future conflicts will tility, Poise, Resilience and Leverage.5 maintained by nation states. Allied to occur in or adjacent to a zone of mari- Although cyberspace is viewed as a sea power is the issue of maritime time influence.1 From a military per- unique nvironment alongside land, security and its related tasks, which spective, the sea also provides access air, sea and space, these are not re- may include a cyber element that will for amphibious, land and embarked garded in isolation as operating areas.

16 CYBER SECURITY

This is demonstrated in the UK by the in its own right.6 However, the use by cyberattacks experienced at sea must coordinated use of the Royal Marines both state and non-state actors of cy- not be investigated in isolation, but amphibious troops, the Royal Navy’s berspace as an asymmetric means to that evidence, precedence and devel- Fleet Air Arm and the deployment of seek an advantage over an otherwise opments in other environments should satellite supported communications militarily superior force is also recog- be considered as part of a holistic ap- and intelligence capabilities illustrating nised. This is significant as it implies proach in their resolution.8 how naval forces can utilise the dis- that the maritime community afloat tinctive attributes of the other environ- is no longer platform centric and de- Maritime Power at sea ments in the projection of seapower. tached from cyberspace, but an inte- However, although the dependencies gral part of it if connected via satellite, In order to project maritime power, it between these physical elements is mobile telephony or via radio trans- is necessary to be able to deliver an well recognised, each one’s unique mission of digitised navigation or other effect at sea and from the sea. Initially link to cyberspace is not and the con- maritime related information. Although the term Command of the Sea was cept of how the projection of cyber- this bring advantages, it also exposes used to be able to exploit the environ- power could be conducted from the the maritime community to the same ment to an advantage. However, as sea has not attracted much, if any, dis- risks and vulnerability to attack as their this implied total control of the entire cussion and requires further investiga- land based counterparts. This is exac- ocean all of the time, which was im- tion. This may be due to a lack of un- erbated by the issue of software aging practical, other terms are now used derstanding of the unique conditions of in which a ship’s lifespan may exceed that refer to a more realistic aspiration the coastal and oceanic regions or that that of the software that is required to of temporary control limited in time they are not considered suitably differ- operate it. This will require regular, but and space to that required to conduct ent from the other environments to potentially expensive and time con- a given task or operation. Sea Control warrant particular investigation. What suming ‘software refits’ to mitigate for is defined as the freedom to use an effort has been devoted to the subject any vulnerabilities in their systems, but area of the sea for one’s own purpose has been concentrated on the related which may in reality offer no additional for a period of time and if necessary security aspects of shipping, which in functionality and may even reduce per- to deny its use to an opponent if it is 2016 is now gaining increased inter- formance if the hardware upon which it contested and requires dominance of est from both the mercantile industry is running is not upgraded at the same the surface and sub surface environ- and suppliers of cyber security prod- time.7 This may well also be combined ments including the seabed and the ucts. The maritime environment and with increased automation and the in- air above.9 This may range from being its relationship with cyberspace in the tegration of different functions into a able to exercise the right of innocent projection of power introduces the single system to reduce the manpower passage in a state’s territorial water concept of maritime cyberpower as a required afloat, which further limits its or Exclusive Economic Zone to using facilitator of maritime power. The role ability to operate without the aid of the force to eliminate another naval force of cyberspace in contributing to mari- computer systems. Ocean going ves- from challenging control over an area time power is acknowledged as going sels are also increasingly reliant upon of sea. As Sea Control is a temporary beyond just information systems and a robust logistics organisation to pro- condition, it would usually be an ob- reaching into command and control, vide global support – a system that it- jective in order to conduct a particu- intelligence, surveillance and recon- self is dependent upon Internet based lar mission or as a precursor to other naissance activities as well as the communications and disruption of operations. Depending on the threat, physical control of systems. Thus the such networks may have a significant obtaining it may involve actual military importance of the cyber environment effect on the seaworthiness or ability action against an opponent at sea or is recognised as a facilitator in the ef- of a ship to embark on transcontinental their containment by blockade to pre- fective operation of other systems, but passages. This emphasises the inte- vent them from accessing the disputed not as a means to exert power at sea grated nature of cyberspace and that area. The concept of Sea Denial dif-

17 CYBER SECURITY

fers from Sea Control in that it occurs the operation of offshore oil platforms navigation, maritime attack against when one party prevents another from from the adverse influence of others. the national infrastructure, arms pro- controlling an area, but without con- The UK National Strategy for Maritime liferation, drugs and people smuggling trolling the region itself. Historically Security defines it as: are all listed.13 minefields or the threat of submarines …the advancement and pro- were used to deny access to an area tection of the UK’s national in- Defining the cyber environ- or threaten opposition surface forces. terests, at home and abroad, ment More recently and especially in littoral through the active manage- areas, surface to surface missile or ment of risks and opportuni- Although there is no formally accepted gun batteries have been used to pres- ties in and from the maritime definition for the cyber environment, ent an increased level of risk that may domain, in order to strengthen the UK Ministry of Defence’s Cyber deter maritime forces from operating in and extend the UK’s prosperity, Primer describes it as the interdepen- coastal regions. Sea Control and Sea security and resilience and to dent network of information technology Denial may also be used in conjunc- help shape a stable world.11 infrastructures, (including the Internet, tion as denial in one region may facili- Within the military context, British telecommunications networks, com- tate control in another. Defence Doctrine notes that the role puter systems, as well as embedded of national security encompasses processors and controllers), and the Maritime security the safety of the State and its protec- data therein within the information en- tion from both external and internal vironment.14 At the heart of cyberspace There is a direct correlation between threats, but is also integrated within, is information and the information en- power and security, which is applica- and dependent upon, the security of vironment is defined by the UK Minis- ble in all environments including mari- neighbouring states and partners. The try of Defence as a logical construct time and cyberspace. As power seeks former of these counter the threat of whereby assured information can pass to influence the behaviour of people invasion, attack or blockade and the unhindered from point of origin to point or the course of events, this may be latter includes the dangers from ter- of need, with assured meaning that the perceived as a threat, particularly if it rorism, subversion, civil disorder, information can be proven as authen- is detrimental to a government or so- criminality, insurgency, sabotage and tic and that the originator can be iden- ciety’s policy, social norms or strategic espionage.12 The role of cyberspace tified.15 The Cyber Primer also moves ambitions. Among multiple definitions is referred to within the context of an beyond just describing cyberspace to of security, the Oxford English Diction- attack on the country’s critical national what comprises military operations in ary includes Freedom from threat or infrastructure. This document also the environment, defining them as the danger, and safeguarding the inter- obliquely refers to the maritime com- employment of capabilities where the ests of a state.10 Effective security can ponent by highlighting that the govern- primary purpose is to achieve effects thus be used as a means to counter ment’s primary duty is to maintain the in, or through, cyberspace. This has the effects of a campaign of power freedom and integrity of the UK and significant coherence with the defini- projection or influence – it is a coun- that its stability, prosperity and well-be- tions of maritime power projection and ter power strategy. At sea, maritime ing depend on international trade and security in being able to influence the security can be utilised as a means to investment. This it notes requires raw behaviour of people or the course of counter some of the measures used to materials being imported and goods events. In an attempt to explain cy- exert control over people or systems exported by sea and are facilitated berspace as part of the Information by a threat actor, be they state spon- through access to global information environment, the Primer describes it sored or criminally motivated. These flows. In highlighting the threat posed in terms of three domains; the Physi- may range from efforts to exercise to the UK by criminals operating in cal (hardware, location and network- power through Sea Control or Denial the maritime environment; terrorism, ing components), Virtual (software, to protecting fisheries or maintaining disruption to trade or the freedom of networking protocols and information),

18 CYBER SECURITY

and Cognitive (people, their roles and when seeking to achieve an effect in berspace.’ 17 groupings). Noting that cyberspace is cyberspace. For example, the total- In addition to using the features of the a complex and dynamic environment, ity of the two environments are both maritime environment as a means of the Cyber Primer emphasises its im- ungovernable by a single authority, influencing others in the wider medium portance to military operations and indicating that sea control and denial of cyberspace, it is also conceivable the reliance it places on defence com- may have equivalents in cyberspace to use the properties of cyberspace to munications. However, it also notes for power projection. Both also require develop the concept of power at sea in the need to use Commercial Off The manufactured devices to effectively the conventional sense. This presents Shelf (COTS) hardware, software and use them, be they ships or computing a new theory of cyber seapower, which civilian owned and operated infrastruc- devices as unlike land warfare, a hu- can be termed: ture for its essential operations.16 This man cannot enter and engage with the ‘The ability to use cyberpower requires protective measures to be environment unaided. Furthermore, to project power at sea and from implemented to enable mission criti- the maritime and cyber environments the sea to influence the behav- cal systems and the information they are international in nature with ships ior of people or the course of carry to function with the requisite re- at sea originating from many coun- events in the maritime environ- silience in order to maintain the same tries and cyberspace comprised of ment’ confidentially, integrity and availability components manufactured worldwide, There is a distinct difference in these of data as military systems. A key facet with no single country having total new concepts of maritime cyberpower of this is its relationship and interde- dominance in either. However, influ- and cyber seapower as whereas the pendency with the electromagnetic ence can be exerted as seen by some former seeks to achieve an effect from spectrum, which is an integral part of states having large merchant fleets or the sea that influences events any- the cyber environment, particularly for being dominant in the computer or net- where in cyberspace, the latter seeks mobile platforms that do not have ac- working markets. Similarly, in order to to use cyberspace to achieve an effect cess to a fixed infrastructure for com- function, there are global agreements solely in the maritime environment, munication. However, data exchange that govern both environments – The including the littoral. An example of via radio frequency transmissions United Nations Convention on the Law maritime cyberpower would therefore have the significant disadvantage in of the Sea (UNCLOS) in regulating the be to use a maritime platform to dis- that they can be intercepted and un- use of the oceans and the use of in- rupt or influence a cyber infrastructure less encrypted can be subject to col- ternationally accepted addressing and at sea or ashore to prevent access or lection for analysis, manipulation or routing protocols that control how data to alter the content of systems in order interference by persons other than is exchanged in the networks of cyber- to affect the behaviour of a popula- the intended recipient thereby making space. By adapting the UK’s definition tion ashore. Cyber seapower how- them a valuable target for espionage, of Maritime Power of The ability to ever would be to utilise the medium sabotage or subversion. project power at sea and from the sea to directly affect the ability to facilitate to influence the behaviour of people Sea Control or Sea Denial. This would Comparing maritime and cy- or the course of events and by using include adversely affecting the ability ber environments the concept of seapower as the basis of ships, ports or offshore installations for projecting cyberpower, the notion to operate normally. The concepts of Although the maritime and cyber envi- of Maritime Cyberpower can be intro- Maritime Cyberpower and Cyber Sea ronments may appear very dissimilar duced as: Power within the contexts of Cyber- at first inspection, there are a signifi- The ability to project cyberpow- power and Sea Power are shown in cant number of parallels that can be er at sea and from the sea to in- Figure 1 below, which emphasise their drawn between them and many of fluence the behaviour of people contributory nature to the wider power the factors that need to be considered or the course of events through component and their role in circum- when operating at sea can also apply and within the medium of cy- venting the security of the defender:

19 CYBER SECURITY

Figure 1: The relationship between Sea Power, Cyberpower, Cyber Sea Power and Maritime Cyberpower

Characteristics of maritime accuracy of a millionth of a sec- signals from multiple systems cyberspace ond, velocity to within a fraction to increase their accuracy.20 of a mile an hour and location to Although primarily regarded as Maritime cyberspace relies on within 100 feet.18 It should also an aid to navigation, satellite a range of technologies to func- be noted that although GPS is based PNT systems are fun- tion with some unique to the the predominant satellite based damental to ensuring maritime environment, but others widely PNT system, there are two oth- platforms remain connected to used in all areas of cyberspace. ers in use; the European Gali- cyberspace by providing net- Combined, they form the ele- leo and Russian Glonass sys- work timing, altitude and azi- ments upon which shipping is tems. When fully deployed in muth information to enable re- now dependent for their safe 2020, the Galileo system will ceivers to acquire the satellites. and effective operation with the comprise 24 satellites with ini- They are however very vulner- use of satellite based naviga- tial services available from the able to a variety of attacks in- tion systems arguably the most end of 2016.19 The Russian cluding spoofing (imitating), significant. The primary system Glonass system also compris- hijacking (altering) and corrupt- in use is the Global Positioning es 24 satellites and provides ing the transmissions, which in- Satellite (GPS) constellation, worldwide coverage, although terfere with the data due to the which is an American owned it is optimised for northern lati- relative weakness of the signals capability that provides users tudes. Initially developed for received from space being eas- with position, navigation and military use, it is now being ex- ily overwhelmed by malicious timing (PNT) services. The sys- ploited commercially and many terrestrial based transmitters.21 tem is quoted as operating to an receivers are able to receive Although illegal to own or use

20 CYBER SECURITY

in many countries, jammers are mation about its passage. 24 It fic concentration as shown in widely available with well docu- is a vital aid used by shipping Figure 2. This enables AIS data mented examples of their use for collision avoidance and for to be integrated not only in the denying maritime and port ser- transmitting data relating to maritime cyber environment, vices.22 Satellite based naviga- search and rescue operations, but also accessed by anyone tion systems are also a primary meteorological, hydrological with an Internet connection. component of the second ele- and navigational safety infor- There are several websites ment of maritime cyberspace, mation.25 AIS is also used for such as www.vesselfinder.com the Automatic Identification tracking vessels within a na- that offer near real time AIS System (AIS). This is a system tion’s territorial waters and is data overlaid on mapping soft- introduced to enhance the safe- fundamental to the safety of ware that not only indicate the ty of vessel traffic by automati- shipping in areas of high con- position of vessels active on cally exchanging information in centration such as the English AIS, but enable searches to be real time as well as being able Channel, where it is integral in made for individual ships and to track and monitor ships.23 the Dover Straits Channel Nav- respond to searches about the The use of AIS transponders igation Information Service.26 information that they are trans- is a mandatory requirement for More recently, satellites have mitting.27 However, as an open all passenger vessels and in- been used to receive AIS data, standard using unencrypted ternational shipping over 300 which is updated hourly to pro- message formats and with data tons and comprises Very High vide global coverage of infor- accessible via the Internet, it Frequency (VHF) data trans- mation on shipping outside the has also been found to be vul- missions broadcasting a range range of shore based receiv- nerable to a range variety of of information types including ers. By accumulating this data, attacks including spoofing, hi- the platform’s identity, position it is possible to show worldwide jacking and jamming.28 acquired from GPS and infor- shipping and areas of high traf-

Figure 2 – Global satellite AIS coverage29

21 CYBER SECURITY

In addition to providing position, provide the option of bespoke range of scenarios.32 Although navigational or time informa- applications tailored for ship- details of these weaknesses tion and enabling the reception ping.30 THURAYA also offer a were made known to the manu- of AIS information transmitted maritime communications ser- facturers to enable software from ships, satellites are also vice with an option of voice and patches to be developed, they fundamental to maritime data / or data services. Their data emphasise that notwithstand- and voice communications. services are similar to that of a ing the investment in commu- There are two mains systems in terrestrial provider, but do not nication infrastructure and end use; the UK based International offer the specialised maritime user devices, software can still Maritime Satellite Organisation applications of INMARSAT.31 be the weak point in any com- (INMARSAT) set up by the In- Both systems do however en- puter based system. In addition ternational Maritime Organisa- able ships to establish a per- to space based connectivity tion (IMO) in 1979 and the UAE manent connection to the cy- to the cyber environment, it is based privately owned THURA- ber environment with similar possible to use more traditional YA network. Both provide near functionality to a land based radio frequency (RF) communi- total global coverage, although subscriber. Despite the space cation methods to transfer data INMARSAT has a greater foot- based segments of commer- using the same protocols as the print at extreme latitudes, but cial satellite systems being re- Internet. These however can be as both systems employ geo- garded as resilient to common more challenging to engineer stationary equatorial satellites, forms of cyber attack, recent re- and have significant restric- they are limited in performance search has revealed a range of tions; both in the limitations of at the poles. INMARSAT’s mar- vulnerabilities in the user termi- the medium and their sensitiv- itime service offers a range of nals. These include hardcoded ity to changes in atmospheric telephony and broadband In- credentials common to all de- conditions. The propagation of ternet connections providing vices, the use of insecure pro- radio waves depends on their comparable services to land tocols and backdoors that could frequency as shown in Figure 3 based fixed infrastructures and be exploited by an attacker in a below:

Figure 3 - Commercial radio frequency spectrum33

22 CYBER SECURITY

Within the RF spectrum, infor- long range HF communica- sible, although depending on mation is transmitted by chang- tions are not as reliable as SHF the distances and transmitted ing the value of the signal. The based satellite communications power, the jamming station may faster the signal is changed, as reception depends on fre- be required to be either within the more information can be quency, atmospheric conditions the line of sight of the target or passed and as frequency is and time of day. Dead zones close by. The final component a direct measurement of the can also occur close to the of maritime cyberspace is with- rate of change in values, the transmitter where no signal is out doubt the most important higher the frequency of the sig- received and ranges achieved and yet is mostly out of sight nal, the more information can at night can be twice that of with the majority of its users of be passed – hence the use of day time communications.36 oblivious to its existence. De- Super High Frequency (SHF) RF based E-mail systems such spite the increasing use of wire- transmissions for high data as sailmail use dedicated file less devices to interact with cy- rate satellite communications.34 transfer protocols in addition to berspace via mobile telephony Transmissions at the Very High the standard Internet protocols or Wi-Fi, beyond the cell phone Frequency (VHF) and above of Transmission Control Proto- mast or wireless router, the ma- are line of sight and so are col and Internet Protocol (TCP/ jority of data communication is ideal for point to point links to IP) that are required for web wired and for international com- satellites, but using these ele- browsing. To be effective, TCP/ munication this involves fibre ments of the spectrum for non- IP relies on a continuous trans- optic cable laid on the ocean space based communications fer of data packets, not only floor. This network of more than is limited in range to the visible to exchange information, but 300 undersea cable systems horizon and the lower the fre- also to check that the packets stretches over 550 000 miles quency, the lower the data rate. have been received correctly. and transports 99% of all trans- Below VHF, High Frequency The quantity of these additional oceanic digital communications. (HF) radio transmissions have data packets and the latency of The longest single cable has 39 the property that they can re- the transmission if skywave is landing points from Germany fract off the ionosphere layer used is beyond that which can to Korea and spans 24 000 of the atmosphere and be re- be realistically transmitted over miles.38 Their essential role in ceived over the horizon from the limited data rates of HF and data and voice communications the transmitting station. Known packet loss due to unreliable has resulted in its reliability be- as ‘sky wave’, this range of fre- connections could render the ing deemed by some countries quencies is commonly used for communications channel inef- as absolutely essential for the long range marine radio and fective. However, there have functioning of governments and despite their lower frequency been some attempts at using the enforcement of national se- restricting the potential data IP over HF, particularly by the curity and because of this they rates of communications, they military, which have developed are regarded by many as being can be used for the transmis- their own standards to make the part of their critical national in- sion of e-mails. In addition to most efficient use of the limita- frastructure.39 This network is a compatible transceiver, this tions of the medium.37 As with also relatively centralized and requires the use of a radio mo- all RF transmissions, communi- follow similar routes across dem, computer hardware and cations are open to interception the globe with some laid over an account with a specialist ser- and measures must be taken 25 000 feet below the ocean’s vice provider such as sailmail.35 to ensure their security. Com- surface.40 This routing pattern It should be noted though that munications denial is also pos- is due to the lower risk of using

23 CYBER SECURITY

paths which have previously and New York takes one eighth recently, both US and Russian proved successful and some the time to reach its destination submarines and spy ships have seabed topography being more by cable than by satellite.43 As been reported operating near suited to laying cables than the numbers of these cables undersea fibre optic cables others. Routes tend to avoid expand they offer increased leading to fears that they might shipping lanes to avoid dam- redundancy of communica- be able to either tap into them age from dragging anchors and tion as well as capacity and a to intercept the data or be plan- are also highly politicized with range of routing options leading ning to attack them in times of cable companies often having to a greater resilience in global tension or conflict.45 46The ability to overcome objections from communications. The combina- to monitor or even sever direct local communities for a variety tion of their known approximate communications with its allies of reasons including economic location, quantity of traffic that and the rest of the world would and environmental concerns, they carry and importance to significantly degrade a nation’s resulting in their paths often national communications has cyberpower and may result being circuitous rather than di- not been lost on governments in data having to be rerouted rect.41 The also tend to termi- who have taken a keen inter- across other networks that may nate in or near traditional port est in the cables used by their have increased latency or al- cities following conventional adversaries. In the 1970s the ready be subject to monitoring trading routes.42 Compared to US National Security Agency activities. These four elements satellite communication, under- conducted Operation Ivy Bells of cyberspace; satellite based sea cables are cheaper to use, against Russian telephone PNT, AIS and wired as well as have a longer lifespan and have cables off the Kuril Islands to wireless communications are shorter transmission times as the east of the country. Div- now fundamental components geostationary communication ers operating from submarines of the maritime environment satellites are placed in orbit at positioned recording pods on and together form the new con- altitudes of 22 000 miles above the lines, which would then be cept of maritime cyberspace. the earth. This means that a sig- retrieved after a period of time The relationship between them nal travelling between London for later examination.44 More is shown in Figure 4 below:

Figure 4 – The composition of maritime cyberspace

24 CYBER SECURITY

Exploiting Maritime Cyber- in Figure 5. This demonstrates ent capabilities is becoming space that both maritime cyberpower increasingly common with com- and cyber seapower can be de- mercial providers offering Inte- Having identified the similarities veloped either separately or as grated Platform Management and dependencies between the part of a combined strategy. Systems (IPMS) that oversee maritime and cyber environ- The challenge of preventing ad- all aspects of a vessel’s propul- ments and their use for the pro- versaries from using maritime sion plant and systems, whilst jection of power in both areas, cyberspace to exert maritime interfacing with communication it can be seen that the exploi- power by compromising ships’ suites and PNT systems. This tation of maritime cyberspace systems is being addressed by provides a remote monitoring offers significant potential for several organisations, including and control capability that re- developing national power, Security Lancaster. In a paper duces the number of personnel whilst emphasizing the impor- published in February 2016, needed to check systems in situ tance of maintaining its secu- the risks were highlighted of and enables the rapid detection rity to protect it from those that integrating previously separate and response to maintenance would wish to degrade it. By components into a single inte- issues as they occur. Suppliers combining Figures 1 and 4, a grated network, which is then of IPMS reduce risk and cost composite model of power pro- connected to the Internet. The by relying on well-established jection in maritime cyberspace practice of automating the con- technologies including operat- can be derived, which is shown trol and management of differing systems and networking

Figure 5 – Power projection in the maritime and cyber environments

25 CYBER SECURITY

components that would be fa- system integrity can be com- terms of appreciating its role miliar in a home or office envi- promised by a human operator, to society in supporting trade ronment. Reliability is ensured either intentionally or by acci- and in the projection of political by incorporating proven COTS dent. A direct connection to the power and influence. The seas components that have already network by an infected laptop are often a source of conflict been used in a range of envi- or USB stick may be the easi- as neighbouring nations com- ronments and using open archi- est method, but wireless net- pete for limited resources in tectures with industry standard works or remote access logins adjacent waters and are used protocols. This enables sys- via an Internet connection may as a means of transporting es- tems to be easily configured, re- also be a convenient means to sential materials. This results configured and upgraded with a access the system. A vessel in in issues that could previously range of software packages to port with a network that is un- be regarded as being mat- suit the individual needs of the encrypted or protected by a ters of foreign policy quickly customer. However, although weak password would also of- becoming of domestic impor- using commonly available fer an attractive and easily ac- tance as legal and diplomatic products and software that are cessible target. In addition, the disputes can quickly become proven and reliable provides use of multifunctional control militarised as nations seek to reassurance that a system will terminals presents another sys- protect what they regard as work, they may also introduce a tem weakness as once com- their own, while exerting influ- range of vulnerabilities caused promised they could provide ence in those areas claimed by a failure to properly secure access to the entire network by other nations. By develop- and patch systems that can and its subsystems.47 The use ing the two distinct but related be exploited by those of mali- of cyber seapower as a means terms of maritime cyberpower cious intent. Software that is to threaten shipping and the and cyber seapower, the mari- in widespread use is also the maritime environment is now time environment can be seen most frequent to be targeted by being recognised as the subject to contribute to the ability to malevolent parties as their ef- of several conferences and by project national cyberpower, forts in understanding and de- the UK shipping industry, which which may have global impact. veloping techniques to access offers guidance to ship owners Whereas the former utilises the and alter computer code will be and operators on how to assess maritime environment to lever rewarded by being able to be their networks and put in place the properties of cyberspace used effectively against a broad the necessary procedures and to alter the behaviour of a tar- range of targets. An apprecia- actions to maintain the cyber- get individual, group or popu- tion of what type of technology security of their ships. 48 lation, the latter uses the cyber is used in ships and then being environment to facilitate Sea able to easily acquire copies Conclusion Control or Denial to establish to work on will also make their the free use of an area of sea task easier. Similarly, compo- This paper has introduced the for a period of time or to deny nents that are intended to be concept of the maritime cyber its use to an adversary. In this upgradable are designed to be environment by bringing togeth- way, the comparable proper- easily accessible, which further er the individual attributes of ties of both environments en- increases their potential vulner- both elements to highlight their able parallels to be drawn as ability to malicious interference. importance and mutual depen- to how these different forms of There is no shortage of meth- dence. Understanding the mari- power can be exercised. A key ods available by which a ship’s time environment is vital both in conclusion from investigating

26 CYBER SECURITY

maritime cyberspace is the link that have arisen from combin- safety based capabilities and between security and power ing elements of the maritime wireless communication from projection. In order for an ad- and cyber environments and either space or terrestrial radio versary, whether a state or non in particular how this may af- frequency based systems. The state actor, to be able to exert fect operations from a security final element of maritime cyber- a cyber influence on a target, context and the importance of space consists of the thousands they have to be able to access the role of the user in main- of miles of fibre optic cables it either directly or indirectly. Cy- taining system integrity. This is that cross the ocean floor con- ber security measures will pre- coherent with one of the most necting continents and which vent or limit the access that an significant elements of both are crucial to the very existence attacker will have and therefore environments; that in order to of the environment. With the in- restrict the effect that they hope fully engage with them, opera- creasing trend to combine pre- to achieve. This highlights the tors have to understand and viously separate ship systems need to understand the poten- interact with manufactured onto a single network controlled tial vulnerabilities that may exist elements whether these are by an IPMS, which may be con- in maritime cyberspace and the ships or computing devices. nected via satellite to shore need to be self-critical in how Maritime cyberspace is unique based networks, whole vessels this environment can be seen in both comprising and relying can now be considered part of from the perspective of both at- on a number of discrete capa- maritime cyberspace and must tackers and defender and how bilities including space based be protected from those wish- offensive and defensive strate- systems for position, naviga- ing to influence the behaviour gies can be developed. tion and time information, the of nations by compromising the Academic institutions are now Automatic Identification Sys- systems upon which their ship- becoming aware of the issues tem for a range of navigational ping depends.

References

1 Ministry of Defence, 2011. British Maritime Doctrine. 1st ed. London: Development, Concepts and Doctrine Centre. P.v 2 Ibid. Para 123 3 Ibid. P.iii 4 Ibid. 5 Ibid. 6 Ibid. para 355. 7 Fitton, O., Prince, D., Germond, B. & Lacy, M., 2015. The Future of Maritime Cyber Security, Lancaster: Lancaster University. p.9. 8 Ibid. p.28. 9 NATO, 2014. Allied Joint Doctrine for Air Maritime Coordination AJP-3.3.3. 1st ed. Brussels: NATO. para 0303 10 Oxford English Dictionary, 2016. Oxford English Dictionary. [Online] Available at: http://www.oed.com/ [Accessed 12 Apr 2016]. 11 HM Government, 2014. UK National Strategy for Maritime Security, London: Her Majesty’s Stationery Office. 12 Development, Concepts and Doctrine Centre, 2014. Joint Doctrine Publication 0-01 UK Defence Doctrine. 5th ed. London: Ministry of Defence.p3 13 Ibid. p.9 14 Development, Concepts and Doctrine Centre, 2013. Cyber Primer. 1st ed. London: Ministry of Defence. p1-1 15 Ministry of Defence, 2013. Defence Information and Communications Technology Strategy. 1st ed. London: Ministry of Defence. P8 16 Development, Concepts and Doctrine Centre, 2013. Cyber Primer. 1st ed. London: Ministry of Defence. p1-3 17Ibid. p.iii 18 US Air Force, 2015. Global Positioning System. [Online] Available at: http://www.af.mil/AboutUs/FactSheets/Display/tabid/224/Article/104610/global-positioning-system. aspx [Accessed 12 Apr 2016]. 19 European Space Agency, 2016. Galileo navigation. [Online] Available at: http://www.esa.int/Our_Activities/Navigation/The_future_-_Galileo/What_is_Galileo [Accessed 12 Apr 2016]. 20 Beebom, 2015. What is GLONASS And How It Is Different From GPS. [Online] Available at: http://beebom.com/2015/05/what-is-glonass-and-how-it-is-different-from-gps [Accessed 12 Apr 2016]. 21 Hayes, G.,2016 GPS can be jammed and ‘spoofed’--just how vulnerable is it? Part 2. Available at http://www.marineelectronicsjournal.com/content/newsm/news.asp?show=VIEW&a=129 [Accessed 24 July 2016]

27 CYBER SECURITY

22Ibid. 23 Balduzzi, M., Wilhoit, K. & Pasta, A., 2014. A Security Evaluation of AIS, Texas, USA: Trend Micro. 24 International Maritime Organisation, 2016. AIS Transponders. [Online] Available at: http://www.imo.org/en/OurWork/Safety/Navigation/Pages/AIS.aspx [Accessed 12 Apr 2016]. 25 HM Government, 2014. Mapping UK shipping density and routes from AIS (MMO 1066). [Online] Available at: https://www.gov.uk/government/publications/mapping-uk-shipping-density-and-routes- fromais- mmo-1066 [Accessed 12 Apr 2016]. 26 Maritime and Coastguard Agency, 2014. Dover Strait crossings: channel navigation information service (CNIS). [Online] Available at: https://www.gov.uk/government/publications/dover-strait-crossings-channel-navigationinformation service/dover-strait-crossings-channel-navigation-information-service-cnis#how-cnis-works [Accessed 12 Apr 2016]. 27 Vessel Finder, 2016. Real-Time AIS Data. [Online] Available at: https://www.vesselfinder.com/ [Accessed 12 Apr 2016]. 28 Balduzzi, M., Wilhoit, K. & Pasta, A., 2014. A Security Evaluation of AIS, Texas, USA: Trend Micro. 29 Marine Source, 2016. Satellite AIS Data. [Online] Available at: http://www.marinetraffic.com/en/p/satellite-ais [Accessed 12 Apr 2016]. 30 Inmarsat, 2016. Fleet Broadband. [Online] Available at: http://www.inmarsat.com/service-collection/fleetbroadband/ [Accessed 12 Apr 2013]. 31 Thuraya, 2016. Marine Comms. [Online] Available at: http://www.thuraya.com/marine-comms [Accessed 12 Apr 2016]. 32 Santamarta, R., 2014. A wake-up call for SATCOM Security. [Online] Available at: http://www.ioactive.com/pdfs/IOActive_SATCOM_Security_WhitePaper.pdf [Accessed 23 July 2016]. 33 Encyclopaedia Britannica, 2016. Transmission media and the problem of signal degradation. [Online] Available at: http://www.britannica.com/topic/telecommunications-media [Accessed 12 Apr 2016]. 34 Computernetwor (Balduzzi, et al., 2014)kingsimplified.com. Relationship between Bandwidth, Data Rate and Channel Capacity. [Online] Available at: http://computernetworkingsimplified.com/ physical-layer/relationship-bandwidth-data-rate-channel- capacity/ [Accessed 12 Apr 2016]. 35 Sailcom Marine, 2016. HF shortwave SSB radio email systems. [Online] Available at: http://www.sailcom.co.uk/pactor/ [Accessed 12 Apr 2016]. 36 yachtcom, 2016. Long Distance Communications Made Clear and Simple. [Online] Available at: http://info.yachtcom.co.uk/HF/ [Accessed 12 Apr 2016]. 37 Isode, 2016. Why IP over HF Radio should be Avoided. [Online] Available at: http://www.isode.com/whitepapers/ip-over-stanag-5066.html [Accessed 12 Apr 2016]. 38 Business Insider Science, 2015. Animated map shows the undersea cables that power the internet. [Online] Available at: https://www.youtube.com/watch?v=IlAJJI-qG2k [Accessed 12 Apr 2016]. 39 Starosielski, N., 2015. The Undersea Network. 1st ed. Durham and London: Duke. p.1 40 Business Insider Science, 2015. Animated map shows the undersea cables that power the internet. [Online] Available at: https://www.youtube.com/watch?v=IlAJJI-qG2k [Accessed 12 Apr 2016]. 41 Starosielski, N., 2015. The Undersea Network. 1st ed. Durham and London: Duke.p.31 42 Blum, A., 2012. Tubes - Behind the scenes at the Internet. 1st ed. London: Penguin. p.194 43 Starosielski, N., 2015. The Undersea Network. 1st ed. Durham and London: Duke.p.9 44 http://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable- tapping/277855/ 45 Sanger, D. E. & Schmitt, E., 2015. Russian Ships Near Data Cables Are Too Close for U.S. Comfort. The New York Times, 26 October, p. A1. 46 Fung, B. & Peterson, A., 2016. America uses stealthy submarines to hack other countries’ systems. [Online] Available at: https://www.washingtonpost.com/news/the-switch/wp/2016/07/29/america-is-hacking-other-countries- with-stealthy-submarines/ [Accessed 4 August 2016]. 47 Venables, A., 2016. Protecting Ships - The Threat of Hackers. Port Technology, 69 Edition, pp. 30-31. 48 BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, 2016. The Guidelines for Cyber Security Onboard Ships, Bagsvaerd: BIMCO.

Adrian Venables PhD Student at Lancaster University Commander UK Royal Naval Reserve

Adrian served in the Royal Navy as a Communications,Warfare and Intelligence officer for 24 years responsible for the provision and security of a range of services worldwide, including the management of specialist teams deployed to operational theatres. Since leaving the Service, he has extensively studied the cyber threat landscape and how the Internet is used by malevolent parties and for the projection of power and influence by state and non-state actors. A Certified Information Systems Security Professional, he has worked for both government and industry clients advising on computer security with a particular interest in education and training as a method of countering the cyber threat. He is a frequent visiting speaker on both military and university courses in which he aims to raise awareness of the techniques used by cyber criminals and of the need to improve personal security online. A firm believer in Continuous Professional Development, Adrian has undertaken anuninter- rupted programme of academic study over the past 14 years and is currently studying for a PhD at Lancaster University in the UK where he is researching the relationship between the maritime and cyber environments in the projection of cyberpower.In addition to his current academic research programme he holds two Batchelor of Science degrees with Honours in Computing and Information Technology and Intelligence and Security and four Masters Degrees in the Design of Information Systems, Business and Computer Studies, Technology (Maritime Operations) and Cyber Security. He is also a Chartered Information Technology Professional Fellow of the British Computing Society, Chartered Engineer Member of the Institution of Engineering Technology and Fellow of the Chartered Management Institute.

28 ENERGY INFRASTRUCTURES SECURITY

Holistic Protection of Critical Infrastrucures Resilience and protection of dependencies between Greek Critical Infrastructures ● George Stergiopoulos ● Manos Magkos Senior Researcher Associate Professor INFOSEC Laboratory Ionion University, Greece Athens Univ. of Economics & Business ● Georgia Lykou ● Dimitris Gritzalis Researcher Professor & Associate Rector INFOSEC Laboratory INFOSEC Laboratory Athens Univ. of Economics & Business Athens Univ. of Economics & Business ● Panayiotis Kotzanikolaou Assistant Professor University of Piraeus, Greece

INTRODUCTION of each country; especially nowadays, between national CIs at international both because of direct threats (dictat- and European levels. The protection of Critical Infrastruc- ed by the current international political Today, Greece remains one of the tures (CIs) is, by definition, of high situation) and also due to emerging in- few countries of the European Union, importance for the welfare of citizens teractions or dependencies developed which (besides the formal transposi-

29 ENERGY INFRASTRUCTURES SECURITY

tion of the 114/2008/EC Directive into tion of European Critical Infrastructure. Compilation of a National domestic legislation) has no compre- Protection Program for Criti- hensive strategy to safeguard national Contribution cal Infrastructures CIs, nor any process of developing such an integrated plan, except for 1. The creation of an inventory of all As part of a national CI protection some initiatives taken from the Gen- stakeholders, i.e. actors who have program, each EU Member-State is eral Secretariat of Digital Policy. some form of power (legislative, su- required to (i) record its National Criti- pervisory or regulatory) to protect CIs cal Areas, (ii) record and evaluate the Basic goals in Greece. systems or parts thereof which may 2. The identification and indicative cat- constitute a CI, and (iii) to record and 1. The initial creation of an inventory aloguing of potential national CIs, as evaluate (possible) interdependencies and corresponding assessment of ex- well as their interdependencies. In par- between detected CIs. Also, each na- isting national CIs along with their su- ticular, an attempt is made to record tion has to plan and/or update a Busi- pervised entities to identify critical ser- national CΙs on the Energy, Transport ness Continuity Plan (BCP) and a Con- vices, their dependencies and security and Information and Communication tingency Plan (CP) for the protection of measures to be applied to adequately Technologies (ICT) sectors. national CIs (Directive 114/2008). protect and increase their resilience 3. The development of a structured Since, in most cases, the owners (op- against known or unknown threats. identification and risk assessment erators) and/or operators of CIs are 2. The Risk Assessment of services methodology of national CIs, taking private entities, any national CI identifi- and interdependencies between candi- into account internationally applied CI cation process (along with all process- date national Cis using an appropriate, assessment methodologies. A range es in the context of a national protec- new methodology for the classification of three evaluation levels (criticality), tion program) requires the exchange of national critical components. The and specific evaluation criteria for the of information between stakeholders, methodology will be able to assess the integration of critical components in in accordance with the principle of col- degree of impact from potential threat criticality levels will also be developed laboration between stakeholders and manifestation, with a view to prioritiza- and utilized, as part of the proposed the public-private partnership (public- tion and implementation of appropriate methodology. private partnership, PPP). security measures for all national CIs. 4. The pilot implementation of the pro- During the stage of critical area identi- Objectives of this project do not in- posed methodology to a list of candi- fication, each Member State must es- clude the full and comprehensive cov- date national CI fields in order to rank tablish an initial list of critical national erage and assessment of all CIs in the their Criticality; namely on the Energy sectors, i.e. sectors existing in the country, nor the proposal of a detailed and ICT sectors. geographical limits of the country that security policy for each CI. This would include contingent CIs. Still, the pro- not be feasible in the context of an in- Preliminary record of Greek cess of selecting national critical sec- dependent study, since the complete Critical Infrastructures tors and sub-sectors is not obvious. recording and evaluation of all Cis na- Towards creating a common frame- tionwide requires an authorized body The identification and evaluation of na- work program for the EPCIP (European with the institutional and legal feasibil- tional CIs first requires the creation of Programme for Critical Infra-stru¬cture ity of collecting and processing classi- an initial list of potential CIs, at sector Protection) the establishment of a fied information along with the coop- and subsector levels. In this section, common list of critical sectors/subsec- eration of all national CI operators. the services of three key critical ar- tors is highly encouraged. The concept However, this systematic recording eas of the country are being mapped; of service is often used by implication and evaluation of Greek CIs can act namely those concerning the Energy, instead of the term infrastructure, since as a catalyst for conducting such an Transport and Information and Com- it integrates the existence of a set of indepth, which should be developed in munications Technologies (ICT) sec- goods and processes that need pro- the context of registration and evalua- tors. tection in both abstract and descriptive

30 ENERGY INFRASTRUCTURES SECURITY

levels. The list of CIs is presented in Technologies and Communications ers are candidate for being a Greek CI Table 1 and incorporates the concept subsectors, it appears that the Tele- in this sector. of service per subsector. communication subsector is the most In order to identify candidate Greek important in Greece. Hardcore central- Transportation Sector CIs, a brief overview of the Critical ization of services is observed at the Sectors reported in Table 1 was held Greek ICT sector, although for some The transport sector provides services and specific areas were selected services there seems to be a more bal- to multiple other sectors and supports which we believe are more signifi- anced dis-tribution of providers. This numerous economic activities such as cant for the country. Some potential leads us to believe that several provid- trading, tourism, industry, rural devel- critical services were removed due to non-conformity with the Greece (e.g. Space sector) while others were add- ed due to their potentially high impact on Greece’s GDP, like Touristic services. Based on the collection of public information and scientific expertise of the panel members, the following critical areas were selected for our study: (a) Energy (b) Information and Com- munications Technologies (ICT) and (c) Transport.

Energy sector

In Greece, multiple providers support various sub-sectors of the Energy sector. In some subsectors, only one provider (or a very small number of them) has a dominant position, making him the obvious choice for a CI at the En- ergy sector. Still, some changes have occurred in the Energy market of other subsectors over the last years; usually because of Greece’s need to comply with the relevant European Directives, but also due to the economic situation of the country.

ICT sector

The Information and Telecommuni- cation Technologies (ICT sector) is a sector of high criticality since it provides information assets and services to almost all other critical services in Table 1. The list of potential CIs, sectors and relevant subsectors specifically for Greece the country. Of all the Information

31 ENERGY INFRASTRUCTURES SECURITY

opment and the exploitation of natural above areas. The table structure con- Method for determining and resources of Greece. The sector is tains critical domains, subdomains for evaluating national Critical subdivided into sub-Rail, Road, Sea each critical service, the key subsys- Infrastructures and Air transports along with postal tems that are necessary for providing services. each service, the essential interdepen- This chapter describes a methodology Conclusions from mapping these three dencies with other (sub) sectors, as for identifying and evaluating national fundamental CI sectors of our country well as an indicative inventory of the HQ, structured as a sequence of steps. are presented in Table 2. The table providers of each service involved in Each step provides a brief description, summarizes infrastructures in the the country. the data (or parameters) input neces-

Table 2. Summary of the Energy, Transportation and ICT sectors in Greece

32 ENERGY INFRASTRUCTURES SECURITY

sary for the execution, implementation impact (impactbased classification) between Cis, as well as time criteria. actions needed and expected results. that are expected to manifest after The analysis of interdependencies be- Categories of criteria for the integra- an attack on relevant infrastructures. tween CIs can identify CIs that might tion of candidate Cis were defined Time criteria (estimate recovery time, have been underestimated during pre- inside the methodology. These include impact event time estimate) are used vious analysis. direct assessment criteria, time crite- for prioritizing CIs within each Risk Then, each subsystem gets a criticality ria and indirect criteria of importance level. Indirect criteria take into ac- assessment and sectorial and horizon- to CIs. Direct evaluation criteria are count, amongst others, the number tal criteria are utilized for the identifi- based on the assessment of potential and importance of interdependencies cation of that subsystem as a possible

Table 3. Summary of the Energy, Transportation and ICT sectors in Greece

33 ENERGY INFRASTRUCTURES SECURITY

CI. alternative approaches that can of the European Coun-cil on the The methodology does not take into be followed to identify possible implementation of the horizontal account threats (threats or scenarios), national critical services sector/ criteria during the evaluation of CIs. nor does it assess them according to subsector: - Good practices from EU their likelihood. Threat analysis, to- Administrative Approach. A list of members. gether with indicative threat scenarios potential national critical sector Implementation. Depending on will be described later on as part of a protective strategy for all CIs. services is compiled at a central, the approach taken during Step 2 administrative level, in cooperation (Administrative approach or owner- STEP 1: Initial list of critical with a competent Authority. manager driven approach), the sectors and subsectors. Alternatively, a list of national following checks are applied, either critical services is compiled at central level or in collaboration Short description. In the first step an across sectors. According to this with Critical Administrators: initial list of potential national critical approach, a Critical Managers list Step 3.1. Direct criticality rating. sectors and subsectors per sector is is compiled (according to relevant All potential critical services are catalogued. Sectors and subsectors legal frameworks). Managers will assessed, based on the immediate from the list of services offered in Ta- be responsible to identify critical consequences that would result ble 1 are used as input. services that are involved in. from their breach or failure. This Implementation. Cataloguing of the initial sectors/-subsectors list is per- Results. The list of critical services is achieved by applying selected formed by a central authority. Typically, sector/subsector will be given horizontal criteria, from the this can be coordinated by the respec- as input to Step 3 for the risk following list: tive competent body for the protection assessment of possible critical - Geographic scope: The of national CIs. services per sub-sector. scope of the area to be affected by Results. The initial list of critical an event. sectors/subsectors will be given as STEP 3: Evaluation of poten- - Human losses: The input to Step 2 and Step 3. tial critical services number of victims and/or injured people. STEP 2: Identify potential Short description. Possible critical - Economic impact: The critical services per sector/ elements from previous steps (sub- impact in a macro and/or macro- subsector sector and/or services by sub-sec- social level. tor) are assessed and prioritized - Environmental impact: Short description. For each critical using specific criteria. Initial Long-term environmental effects. area, potential critical services parameters that can be considered - Consequences for the are identified. The list compiled for the evaluation of potential public: Impact of events affecting from Step 1 can be considered as critical subsectors/services are: the people, which does not directly initial parameter in the process of - The initial list of possible relate to any of the previous criteria. identifying potential critical services critical Sectors/Subsectors from Step 3.2. Temporal effects per sector/sub-sector, along with Step 1. analysis. The following are good-practices from EU members - The initial list of potential evaluated for each critical service: which are mature enough when it critical services from Step 2 (this (a) the time required for the comes to implementing strategies list may include the list from Step manifestation of maximum impact for the protection of national CIs. 1). and (b) the time required to fully Implementation. There are two - The non-binding guidelines restore a service after a possible

34 ENERGY INFRASTRUCTURES SECURITY

attack manifestation. service, a list of involved owners- Council 2008b): Time analysis is used for the managers is compiled, from which - Technical properties. classification of critical services (or in collaboration with whom) For example, quantifiable cha- within each level of criticality as a second list of the most critical racteristics, such as dimensions, a criterion for assessing indirect subsystems that support this capacities, distances, speed, data criticality (Step 3.3). service is compiled. volume, etc. Step 3.3. Indirect criticality rating. Implementation. According to the - Nontechnical properties. Any possible critical service is also approach proposed by the EPCIP For example, identifiable features analyzed based on the indirect framework (EU Council, 2008; such as recovery time, recovery effects that can cause during a 2008b), certain criteria must be costs etc. failure scenario. Indirect effects applied at each sub-sector for the To identify a subsystem as de¬pend on two factors: characterization of a subsystem potentially critical, it should - Dependencies of the as a possible CI inside a service exceed a predetermined threshold service in question with other (Step 4.1). This is to check whether (threshold) concerning the values critical services. a subsystem meets at least one of some sectoral criteria. - The required time needed horizontal criticality criterion (Step Step 4.2: Application of Horizontal for maximum impact realization 4.2). Criteria: For each subsystem that and restoration of the specific Results. This step provides a list provides essential services, we service (Step 3.2). of the most critical subsystems per assess the severity that its loss or Evaluation of indirect criticality is service. This is a list of national dysfunction would have on society. performed by utilizing one or more CIs, according to the 114/2008/EC A subsystem is critical when it horizontal criteria, from Step 3.1. Directive. As part of a National CI meets at least one of the horizontal Results. The list of prioritized sub- Protection Program, CI owners- criticality criteria, concerning the sectors and services per sub-sector, managers in collaboration with direct (Step 3.1) or indirect criticality as well as a table of interdepen- a qualified national body must (Step 3.2). dencies between sub-sectors/ identify the most important assets Also, criticality evaluation takes services will be provided as input to per critical subsystem and develop into account parameters such Step 4, to assess the criticality of Operation Security Plans (OSP) as the availability of alternatives, (sub) systems per critical service. and Contingency Plans (CP) to the turning-point for "painful" This step determines a list of protect the CIs (Annex II - 114/ consequences, as well as the time possible European critical sectors/ 2008 /EC Directive). needed for recovery. subsectors or services. For each Step 4.1: Sectoral Application horizontal criterion to be applied, Criteria: Sectoral criteria are STEP 5: Periodic reassess- criticality levels are described using technical or operational criteria ment of critical infrastruc- a quality scale (e.g. Low, Medium, used to identify potential critical ture High). For each level, a minimum subsystems. These criteria do quantitative impact threshold is set not report, although hint, potential Short description. All critical and . repercussions (e.g. obstruction or relevant factors concerning the STEP 4: Evaluating Critical shutdown of a subsystem). Instead, criticality of a CI and relevant (sub) systems per service. they only refer to certain inherent services should be reassessed characteristics. In particular, the after some time by applying all Short description. For each critical sectoral criteria may refer to (EU steps of the methodology at regular

35 ENERGY INFRASTRUCTURES SECURITY

intervals. corresponds to the most negative sector’s services must be tested Input data. All results of the previous potential effect that is likely to occur. using corresponding sectoral evaluation of critical components Also when we applied the criteria, criteria. (sectors, sub-sectors, services, there happened to be some cases systems). where the assessment could not Evaluation of the ICT sector Implementation. The reassessment get unique value assignments, may be general (step 1, taking into thus values were assigned on the The ICT sector includes the account the previous critical services 1-2 impact scale. When a qualified Telecommunications and list), or may refer to a particular national body implements a full Information Technologies sector/subsector (step 3) or service version of the above methodology, subsectors. Tables 7 presents the (step 4). The reassessment scope every service criterion should be evaluation of these subsectors. is determined by a qualified body assigned only one scale value. Based on the application of the in collaboration with stakeholders. evaluation criteria and taking into The need for reassessment should Evaluation of the Energy account the record from providers/ be determined on a mid-term Sector operators per service, our basis; the period must be fixed in evaluation provided the following: advance, regardless of whether The Energy Sector includes the • The Communications sub- changes in the collected data occur following sub-sectors: Electricity, sector has increased im-pact or not. Oil and Natural Gas. Table 4, 5 and in Greece. All services showed Results. The amended list of 6 summarize the evaluation of each that they are of high criticality, critical elements and CIs or the sub-sector and key dependencies both in direct and in indirect update of the previous assessment recorded, incoming and outgoing, evaluations of dependencies. of critical components (domains, by sub-sector. The Communications sub-sector subdomains, services and systems. Based on the application of the services depend to a large extent, evaluation criteria and taking into from a single provider (OTE). Applying evaluation criteria account the record from providers/- • Concerning the temporal analysis on candida-te national CIs operators per service, our of impact, impact analysis shows evaluation provided the following: that both the voice/data com- After establishing all parameters • In the Electricity sub-sector all munication services and the for evaluating potential CIs, the services are assessed as high provision of Internet services description of the national CI criticality, both for direct and present fast impact effects but rapid assessment methodology is indirect dependencies. To a large recovery times, thus fall within the complete and will now be applied to extent, they also depend on only same priority level recovery. the Greek Energy and ICT sectors. one provider/IM (PPC). It should be noted here that during • Concerning the temporal analysis the implementation of the horizontal of impact, the Production and evaluation criteria, the estimated Distribution services have higher impact always refers to the worst- priority than the electricity market case scenario. Therefore, when service, as far as recovery time is analyzing potential impact values concerned. listed in the tables below, the • At the subsystems level, all value attributed to each impact subsystems used to support this

36 ENERGY INFRASTRUCTURES SECURITY

Table 4 Application of Criteria - Electricity Subsector

Table 5 Application of Criteria - Oil Subsector

37 ENERGY INFRASTRUCTURES SECURITY

Table 6 Application of Criteria - Natural Gas Subsector

Table 7 Application of Criteria - Telecommunications Subsector

38 ENERGY INFRASTRUCTURES SECURITY

References

EU Commission (2006). Communication from the Commission on a European Programme for Critical Infrastructure Protection COM (2006) 786 final. Retrieved from: EU Commission (2010). European Commission, Europe 2020. A strategy for smart, sustainable and inclusive growth, COM (2010) 2020, Brussels 3.3.2010. EU Commission (2012). European Commission, staff working document on the review of the European Programme for Critical Infrastructure Protec- tion (EPCIP), Brussels. Retrieved from: EU Commission (2013). European Commission, staff working document on a new approach to the European Programme for Critical Infrastructure Protection making European Critical Infrastructures mo¬re secure), Brussels, Belgium. Retrieved from: EU Commission (2013b). European Commission, Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union, COM(2013) 48 final. http://ec.europa.eu/newsroom/dae/ document.cfm? doc_id=1666 EU Commission 149 (2009). European Commission. “Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience”. Com(2009) 149 final, EU Council (2007). Council of the European Union, Adoption of the Council Conclusions on a European Programme for Critical Infrastructure Pro- tection. Retrieved from: EU Council (2008b). Council of the European Union, Non-Binding Guidelines for the application of the Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, Brussels [14808/08]. Retrieved from: EU Council (2008c). Proposal for a COUNCIL DECISION on a Critical Infrastructure Warning Information Network (CIWIN). COM(2008) 676 final. Available from: http://ccpic.mai.gov.ro/docs/COM(2008)676 final CIWIN_EN.pdf Faily S., Lykou G., Partridge A., Gritzalis D., Mylonas A., Katos V., “Human-Centered Specification Exemplars for Critical Infrastructure Environments”, in Proc. of the 30th British Human Computer Interaction Conference (HCI-2016), July 2016. Faily S., Stergiopoulos G., Katos V., Gritzalis D., “Water, water, everywhere: Nuances for a Water Industry Critical Infrastructure specification ex- emplar”, in Proc. of the 10th International Conference on Critical Infrastructures Security (CRITIS-2015), pp. 243-246, Springer (LNCS 9578), Germany, October 2015. FC (2009). Federal Council’s Basic Strategy for Critical Infrastructure Protection, Basis for the national critical infrastructure protection strategy. Confédération Swisse, 18 May, 2009. http://www.bevoelkerungsschutz.admin.ch/internet/bs/en/home/themen/ski.parsysrelated1.82246.down- loadList.42043.DownloadFile.tmp/grundstrategieski20090518e.pdf FC (2009b). Critical Infrastructure Protection - Second Report to the Federal Council and Measures for the Period 2009–2011. Federal Office for Civil Protection, 18 May, 2009. http://www.bevoelkerungsschutz.admin.ch/internet/bs/en/home/themen/ski/publikationen_ski.parsys.60516. downloadList.59025.DownloadFile.tmp/2berichtski20090605e.pdf French Strategy (2015). French national digital security strategy. French Republic, 2015. From: FRG (2009). National Strategy for Critical Infrastructure Protection (CIP Stra¬te¬gy). Federal Ministry of the Interior, Federal Republic of Germany. Berlin, June 17, 2009. Klaver, M. H. A., Luiijf, H. A. M., & Nieuwenhuijsen, A. H. (2011). RECIPE: Good practices manual for CIP policies, for policy makers in Europe. Avail- able from: http://www.oiip.ac.at/fileadmin/ Unterlagen/Dateien/Publikationen/FINAL_RECIPE_manual.pdf Kotzanikolaou P., Theocharidou M., Gritzalis D., “Accessing n-order dependencies between critical infrastructures”, International Journal of Critical Infrastructure Protection, Vol. 9, Nos, 1-2, pp. 93-110, 2013. Kotzanikolaou P., Theocharidou M., Gritzalis D., “Cascading effects of common-cause failures on Critical Infrastructures, in Proc. of the 7th IFIP International Conference on Critical Infrastructure Protection (CIP-2013), pp. 171-182, Springer (AICT 417), USA, March 2013. Kotzanikolaou P., Theocharidou M., Gritzalis D., “Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects”, in Proc. of the 6th International Workshop on Critical Infrastructure Security (CRITIS-2011), pp. 107-118, Springer (LNCS 6983), Switzerland, September 2011. Lebau-Marianna, D., & E. Roger (2015). France – three decrees reinforced the safety obligations of Operators of Vital Importance. July 8, 2015. Livre Blanc (2013). Défense et sécurité nationale, République Francaise, 2013. From: Luiijf, E., Burger, H., & Klaver, M. (2003). Critical infrastructure protection in the Netherlands: A Quick-scan. In EICAR Conference Best Paper Pro- ceedings (Vol. 19). EICAR, Denmark. MSB (2011). A first step towards a national risk assessment. Swedish Civil Contingencies Agency-MSB, Sweden, 2011. On-line: https://www.msb.se/ RibData/Filer/pdf/26189.pdf MSB (2014). Action Plan for the Protection of Vital Societal Functions & Critical Infrastructure. Swedish Civil Contingencies Agency (MSB), Risk & Vulnerability Reduction Department https://www.msb.se/RibData/Filer/pdf/27412.pdf Polemi D., Ntouskas T., Georgakakis E., Douligeris C., Theocharidou M., Gritzalis D., “S-Port: Collabo¬rative security management of Port Infor- mation Systems”, in Proc. of the 4th International Conference on Information, Intelligence, Systems and Applications (IISA-2013), IEEE Press, Greece, July 2013. Renda, A., & Hammerli, B. (2010). Protecting critical infrastructure in the EU. CEPS Task Force Report http://ccpic.mai.gov.ro/docs/Critical Infrastruc-

39 ENERGY INFRASTRUCTURES SECURITY

ture Protection Final A4.pdf Salonikias S., Mavridis I., Gritzalis D., “Access control issues in utilizing Fog Computing for Transportation Infrastructures”, in Proc. of the 10th Inter- national Conference on Critical Infrastructures Security (CRITIS-2015), pp. 1-12, Springer (LNCS 9578), Germany, October 2015. Stergiopoulos G., Kotzanikolaou P., Theocharidou M., Gritzalis D., “Risk mitigation strategies for Critical Infrastructures based on graph centrality analysis”, International Journal of Critical Infrastructure Protection, Vol. 10, pp. 34-44, September 2015. Stergiopoulos G., Kotzanikolaou P., Theocharidou M., Gritzalis D., “Using centrality metrics in CI dependency risk graphs for efficient risk mitigation”, in Proc. of the 9th IFIP International Conference on Critical Infrastructure Protection (CIP-2015), Springer, USA, March 2015. Ster¬giopoulos G., Kotzanikolaou P., Theocharidou M., Lykou G., Gritzalis D., “Time-base critical infrastructure dependency analysis for large-scale and cross-sectoral failures”, Ιnternational Journal of Critical Infrastructure Protection, Vol. 12, pp. 46-60, March 2016. Stergiopoulos G., Vasilellis S., Lykou G., Kotzanikolaou P., Gritzalis D., “Critical Infrastructure Protection tools: Classification and comparison”, in Proc. of the 10th International Conference on Critical Infrastructure Protection (CIP-2016), USA, March 2016. Theocharidou M., Kandias M., Gritzalis D., “Securing Transportation-Critical Infrastructures: Trends and Perspectives”, in Proc. of the 7th IEEE Inter- national Conference in Global Security, Safety and Sustainability (ICGS3-2011), pp. 171-178, Springer (LNICST 99), Greece, 2012. Theocharidou M., Kotzanikolaou P., Gritzalis D., “A multi-layer criticality assessment methodology based on interdependencies”, Computers & Secu- rity, Vol. 29, No. 6, pp. 643-658, 2010. Theocharidou M., Kotzanikolaou P., Gritzalis D., “Risk assessment methodology for interdependent Critical Infrastructures”, International Journal of Risk Assessment and Management, Vol. 15, Nos. 2/3, pp. 128-148, 2011. UK (2010). Strategic Framework and Policy Statement on Improving the Resilience of Critical Infrastructure to Disruption from Natural Hazards.

George STERGIOPOULOS Senior Researcher Athens University of Economics & Business, Greece

Dr. George Stergiopoulos ([email protected]) is a Senior Researcher and a Project Manager with the Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory (www.infosec.aueb.gr) and an Adjunct Lecturer at the Dept. of Informatics of the Athens University of Economics and Business, Greece. He holds a Ph.D. (Software Security and Critical Infrastructure Protection) and a M.Sc. (Information Systems), both from Athens University of Economics and Business, (Greece), and a B.Sc. (Informatics) from the University of Piraeus (Greece). His professional experience includes working as Risk Assessment Consultant in projects using ISO-certified methodologies for developing enterprise Security Plans, Business Continuity Plans, and assessing enterprises against IT threats and risks through governance, compliance, identification, and validation. He also works as IT Security Penetration Tester. His current research interests focus on Critical Infrastructure Protection, Risk Assessment, Application Security and Software Engineering.

Manos MAGKOS Associate Professor Ionian University, Greece

Dr. Kotzanikolaou ([email protected]) is an Assistant Professor in Network Security & Privacy with Dr. Manos Magkos ([email protected]) is an Associate Professor with the Dept. of Informatics of the Ionian University, Greece and a Member of the Networks, Multimedia and Security Systems Laboratory (NMSLab) of this department (http://nmslab.di.ionio.gr/). He holds a B.Sc. (Computer Science, Univ. of Piraeus, Greece) and a Ph.D. (Computer Security and Cryptography, U¬niv. of Piraeus, Greece). His current research focus on Critical Infrastructure Protection, Cyber-Security Training, Privacy-Preserving Data Mining, Location Privacy and Anonymous Authentication.

40 ENERGY INFRASTRUCTURES SECURITY

Dimitris GRITZALIS Professor & Associate Rector Athens University of Economics & Business, Greece

Prof. Gritzalis ([email protected]) is the Associate Rector of Athens University of Economics & Business (Athens, Greece) and a Professor in ICT Security with the Dept. of Informatics. He currently serves as Chairman of the University Research Centre, Director of the Information Security and Critical Infrastructure Protection (INFOSEC) Laboratory (www.infosec.aueb.gr) and Director of the Master’s Programme on Information Systems. Prof. Gritzalis holds a B.Sc. (Mathematics, Univ. of Patras, Greece), a M.Sc. (Computer Science, City University of New York, USA) and a Ph.D. (Information Systems Security, Univ. of the Aegean, Greece). He has served as Associate Commissioner of the Greek Data Protection Commission and President of the Greek Computer Society. He has provided services, in an Expert’s or Evaluator’s capacity, for international organizations (ANVUR, CEN, European Union Joint Research Centre, EUROPOL, etc.). His current research interests focus on Critical Infrastructure Protection, Risk Assessment, Social Media Intelligence and Smartphone Security. He is the Academic Editor of the Computers & Security journal (Elsevier) and the Scientific Editor of the International Journal of Critical Infrastructure Protection (Elsevier).

Panayiotis KOTZANIKOLAOU Assistant Professor University of Piraeus, Greece

Dr. Kotzanikolaou ([email protected]) is an Assistant Professor in Network Security & Privacy with the Dept. of Informatics at the University of Piraeus, Greece. He is, also, a Senior Member of the Information Security and Critical Infrastructure Protection (IN¬FOSEC) Laboratory (www.infosec.aueb.gr) of Athens University of Economics & Business, Greece. He holds a B.Sc. (Informatics, Univ. of Piraeus, Greece) and a Ph.D. (ICT Security, Univ. of Piraeus, Greece). He holds various professional certifications in Information Security (CISSP, ISO 27001 Lead Auditor). Dr. Kotzanikolaou has served as a Security Auditor at the Hellenic Authority for the Security and Privacy in Communications (ADAE). He has also worked as a Security Consultant in the private sector, and has participated in various national and European R&D projects. His current research interests include Security and Privacy in Next Generation Networks, Critical Infrastructure Protection and Applied Cryptography. Georgia Lykou Researcher Athens University of Economics & Business, Greece

Georgia Lykou ([email protected]) is a Researcher and a Ph.D. candidate with the Dept. of Informatics of the Athens University of Economics & Business, Greece, and a Member of the Informati¬on Security and Critical Infrastructure Protection (INFOSEC) Laboratory (www.infosec.aueb.gr) of the department. She holds a B.Sc. (Computer Science, Hellenic Open University, Greece), a B.Sc. (Energy Technology Engineering, TEI of Athens, Greece), a M.Sc. (Information Systems, Athens Univ. of Economics & Business, Greece), and a M.Sc. (MBA, Athens University of Economics & Business, Greece). She is currently an Engineer with the Hellenic Civil Aviation Authority (HCAA). She has also served as Engineer with the Ministry of National Defence. Her current research interests focus on ICT Security, Critical Infrastructure Protection and Risk Assessment.

41 TECHNOLOGICAL ISSUES

Securing Maritime Logistics and Supply Chain: The Medusa and MITIGATE approaches

● Dr. Spyridon Papastergiou Dpt. of Informatics, University of Pireaus, Karaoli & Dimitriou 80, 18534 Pireaus, Greece, [email protected] ● Associate Professor Nineta Polemi Director of UNIPI Security Lab, Department of Informatics, University of Piraeus, Karaoli & Dimitriou 80, 18534 Pireaus, Greece, [email protected], [email protected]

Abstract (MLoSC), both in terms of the num- GATE. ber of stakeholders and in terms of During the last couple of years, we the complexity and interdependencies Keywords have witnessed the emergence of of the cyber assets involved. In this early initiatives that attempt to deal paper, the authors present the main Risk Assessment; Maritime Logistics with the risks and vulnerabilities of the outputs and results of two European and Supply Chain Services; Critical Maritime Logistics and Supply Chain research projects MEDUSA and MITI- Information Infrastructures (CIIs).

42 TECHNOLOGICAL ISSUES

1. Introduction in the scope of three specific multi- of state-of-the-art risk management sector cross-border Supply Chain Ser- frameworks. The Maritime Logistics and Supply vices (Container Cargo Management In this paper, the authors will describe Chain (MLoSC) are characterized by Supply Chain, Vehicle Transport Sup- the main outputs and results of two significant interdependencies of differ- ply Chain and Liquefied Natural Gas European research projects MEDUSA ent types and nature (operational, (LNG) Transport Supply Chain). funded under the Security-related business, physical, cyber, information- However, maritime of the digital era Risks Programme of the European al, social, etc.) among the actors (e.g. has become highly dependent on ICT- Union for the protection of the critical port authorities, ministries, maritime enabled components to operate. The infrastructure and MITIGATE funded companies, ship industry, customs increasing use of IT systems requires under the European programme agencies, maritime/ insurance com- a paradigm shift in the way it assesses (H2020) for Cyber security. panies and other Critical Infrastruc- risks and vulnerabilities. Most existing tures (e.g. transport networks, energy risk management methodologies are 2. Medusa methodology and networks, telco networks) involved in mostly focused on physical-security system these operations in any way. For ex- aspects ignoring the complex nature ample, an entity could be dependent of the ICT systems and assets used The MEDUSA project has introduced on receiving a process or infor-mation in the maritime sector (e.g., SCADA), a supply chain risk assessment meth- from another entity or organization as along with their interrelationships. For odology at organisational level com- an input to one of its critical business example MEDUSA approach cannot prising of 7 main steps (Step 0: Scope processes. However, if a security-re- be considered as an IT oriented risk of the SC Risk Assessment, Step 1: lated incident occurs in one entity this assessment methodology since it does Analysis of the SCS, Step 2: Threat may affect the operation of the whole not support an integrated and effective Scenario identification, Step 3: Threat MLoSC. security management, evaluation and Likelihood Analysis, Step 4: Conse- The main issue is that most of the ac- mitigation of IT-based risks; actually quence Analysis, Step 5: Risk As- tors involved in the MLoSC use differ- it is a supply chain risk assessment sessment and Step 6: Cascading Risk ent risk management methodologies methodology at organizational level. Assessment) that is compliant with to identify and classify their threats Thus, there is a clear need for rethink- ISO28001. The proposed approach and vulnerabilities and measure the ing risk manage-ment in the MLoSC. aims to assess, for a given a Supply corresponding risks. However, despite To this end, sophisticated global risk Chain Service (SCS) the partial risk for the advancement of risk assessment assessment frameworks that can deal each business partner, the overall risk methodologies for Critical Infrastruc- with cascad-ing effects risks, threats for the SCS and the cascading risks for tures (CIs), most available frameworks and vulnerabilities of ICT-based mari- various dependency scenarios, and fi- are limited to the strict corporate and time supply chain are needed. In this nally to propose an effective strategy business boundaries without address- vain, the MITIGATE project (www.miti- of controls to mitigate those risks that ing the spectrum of threats and their gateproject.eu/) targets to contribute to are considered unacceptable. various cascading effects that are as- the effective protection of the MLoSC The MEDUSA methodology is imple- sociated with security incidents occur- that arises from the ICT interconnec- mented in an inno-vative, scalable ring from interacting entities. Having tions and interdependencies of a set Risk Assessment environment (Fig. identified this gap, the Medusa project of maritime entities. The main goal of 1) which adopts a set of flexible and (medusa.cs.unipi.gr/) focuses on the MITIGATE is to realize a radical shift configurable functions and processes protection of the port supply chain, in in risk management methodologies for which constitute the fundamental el- particular, its main objective is to de- the maritime sector towards a collab- ements for building a solution that fine a methodological approach for the orative evidence-driven Maritime Sup- facilitates the effective and efficient identification and evaluation of multi- ply Chain Risk Assessment (g-MSRA) evaluation of various threat scenarios order depend-encies of security risks, approach that alleviates the limitations associated with the MLoSCs as well

43 TECHNOLOGICAL ISSUES

as the estimation and remediation of on treemaps, graphs, histograms, etc., als trained on the func-tionality and their possible consequences. which greatly facilitate the explora- services of the MEDUSA system (in- In order for the proposed system to tion and identification of the relevant cluding Valencia port Foundation, Port meet its objectives, it integrates a set threats and risks. Authorities of Alicante and Castellon of primary components. From a tech- • The Simulation Environment and Piraeus Port Authority) and about nical perspective, the main compo- incorporates a set of ICT tool that 123 of them have used the system to nents are the follow-ing: undertake the responsibility to design identify and assess the threat scenari- • The Risks, Assets and De- and execute risks and threats simu- os and risks associated with the SCSs pendencies Modellers integrates a col- lation experi-ments that facilitate the in which their organization participate. lection of semantic structures (nota-bly analysis, assessment and mitigation ontologies/taxonomies) to represent of various threats and risks associated 3. MITIGATE methodology the interac-tions, interrelations and with the examined SCSs. The sup- and System dependencies in the key issues, fac- ported functionalities of this compo- tors, indicators required for the model- nent provide access to the simulation Traditionally, in the existing literature, ing and execution of risk management results for further analysis and use, as the analysis and evaluation of the cy- scenarios. In particular, this module well as for the formulation of effective ber risks are based on a straightfor- implements algorithms for identifying mitigation plans. ward approach that combines a set and modelling the multi-order depen- The aforementioned components are of parameters and features such as dencies of the different business part- provided through customized intuitive the likelihood of a security event and ners (CIIs and maritime entities etc.), and interactive Web Interfaces (includ- the consequences of the event itself, in the scope of multi-sector cross-bor- ing interactive screens, online forms, the exploitation level of a vulnerability der scenarios. Dynamic Questionnaires) to repre- etc. The MITIGATE project aims to • The Impact Analysis and Vi- sent the scenarios and steps as well support the risk analysis with rational sualization Tools em-bodies mecha- as the information and content (e.g. decision mak-ing, in particular, its pur- nisms, procedures and interfaces to requirements, rules, obligations, and suit is to promote a more rigor-ous, provide an in-depth and accurate diag- recommendations of the standardiza- rational approach that gathers, criti- nostic of various threat scenarios and tion framework and regime) required cally appraises and uses high quality security events related to the exam- by the supported risk assessment rou- research evidence to enhance the risk ined Supply Chain Services. These tines and functions. assessment process. This is achieved tools incorporate methods, algorithms, The MEDUSA methodology and sys- by treating the resolution of the ICT standards and technologies for enu- tem has been tested and evaluated by MLoSC risks as a dynamic experimen- merating, describing, measuring/ a large number of Supply Chain stake- tal environment that can be optimised quantifying, and encapsulating data holders as well as individuals (such involving all relevant maritime actors. required by an integrated risk analysis as Port operators, Ports’ Security Of- Mitigate approach based on simula- process (such as threats identification, ficers, government officials, leading tions facilitates the identification, anal- estimation of impact, evaluation of experts from the Maritime, Oil and ysis, assessment and mitigation of the threats and determination of the cor- Gas sector, IT professionals and Se- organization-wise and interdependent responding risks). curity and risk management experts) cyber threats and risks. In addition, these tools provide the engaged in the process of evaluating In this vein, MITIGATE has introduced means for a quick and visual refer- the capacity of the Medusa methodol- an evidence-driven Maritime Supply ence to risk values. In particular, they ogy and system (http://medusascsra. Chain Risk Assessment (g-MSRA) provide a visualization approach for cs.unipi.gr/) to meet their objectives. methodology which predict all pos- visually browsing the analysis results In particular, more than 400 port op- sible at-tacks/threats paths and pat- and identifying threat scenarios that erators, government officials, leading terns arising from the global MLoSC, are applicable to various parts of the experts from the Maritime, Oil and including threats associated with CIIs SCSs. The visualizations are based Gas sector and IT security profession- interde-pendencies and associated

44 TECHNOLOGICAL ISSUES

Fig. 1: MEDUSA Supply Chain Risk Assessment System cascading effects. The proposed ap- riety of data sources and data types the project’s risk assessment system proach emphasizes the collaboration (e.g. vulnerabili-ties) retrieved from that enable maritime agents to: of various stakeholders in the identi- online repositories; (ii) pioneering • Identify and model assets, fication, assessment and mitigation mathematical techniques for predict- processes, risks, stake-holders’ rela- of risks associated with cyber-security ing and analyzing threats patterns; tionships/interactions and dependen- assets and international supply chain (iii) innovative visualization and simu- cies. processes. lation techniques, which will optimize • Design, execute, analyze In addition, the project has developed the auto-matic analysis of diverse and optimize risks and threat simula- an effective, collaborative, standards- data; and (iv) innovative game theory tion experiments that will produce the based risk management (RM) system techniques in order to link optimization appropriate evidence, information, in- (Fig. 2) that enables the involvement and simulation. All these technologies dicators, fac-tors and parameters. and participation of all stakeholders and techniques have been combined • Exploit the simulation re- (e.g., port security operators, port for implementing a variety of services sults towards formulate of effective facility operators, and supply chain (Collaborative Risk Assessment and evidence-based mitigation plans. participants) in the cyber-security Mitigation Services, Open Simulation Note that the MITIGATE system and management. This system has been Environment (ORASE) and Simula- the accompanying services are char- empowered by a range of: (i) rea- tion Services, Risk and Vulnerability acterized by flexible, innovative, user- soning, data mining, crowd-sourcing Visualization Services and Prediction, friendly and ergonomic interfaces, and BigData analytics techniques Forecasting, Social Engineering and which will enable end-users to execute that incorporate and leverage a va- Open Intelligence Services) as part of simulations without the need to delve

45 TECHNOLOGICAL ISSUES

Fig. 2: MITIGATE Supply Chain Risk Assessment System

into the low-level details of the adopt- 4. Conclusions therefore opened new horizons in the ed mathematic models. area of MLoSC’s security, through pro- Special emphasis has been put in Despite the proliferation and advance- ducing and sharing knowledge associ- ensuring the compli-ance of the MITI- ment of risk as-sessment method- ated with the identification and assess- GATE risk management methodology ologies for Critical Information Infra- ment of cascading effects in the global and of the associated collaborative structures (CIIs) most risk assessment MLoSC, with a view to predicting po- security manage-ment system with ex- frameworks do not adequately address tential problems but also to minimize isting security standards (e.g. ISPS, the various casdading effects that are the consequences of diverge security ISO27001, ISO27005, ISO28000, associated with security incidents oc- incidents. CCIIP). Com-pliance to these stan- curing from interacting entities. This dards will ensure that MITIGATE will gap is very critical in the case of 4. Acknowledgements be directly contributed to the NIS* MLoSC’s security, given that these public-private platform (Network Infor- chains are characterized by significant This work has received funding from mation Security Platform). In-deed, interdependencies at multiple levels the European Union’s Horizon 2020 MITIGATE aims at becoming a best (infrastructural, national/intra-sec- research and innovation pro-gramme practice standards-compliant blueprint toral). The main goal of the MEDUSA under grant agreement No 653212, infrastructure for cyber-security man- and MITIGATE projects is to alleviate project MITIGATE. The authors of this agement in the maritime sector, which the above-mentioned gap, through paper would like to thank the Univer- will consider and predict threats aris- introducing, specifying and validating sity of Piraeus Research Center for ing from the whole MLoSC. multi-dependency approaches to risk the financial support of this research assessment. These projects have paper.

46 TECHNOLOGICAL ISSUES

References

ISO, “ISO 27001: Information Security Management System Requirements”, Geneva, Switzerland 2013. ISO, “ISO 27005: Information security risk manage-ment”, Geneva, 2011. ISO, “ISO 28001: Security management systems for the supply chain — Best practices for implementing supply chain security, assessments and plans — Requirements and guidance”, Geneva, Switzerland, 2007. NIST, “Notional Supply Chain Risk Management Prac-tices for Federal Information Systems, http://nvlpubs.nist.gov/nistpubs/ir/2012/NIST.IR.7622. pdf Polemi, D. and Papastergiou, S. “Current efforts in Ports and Supply Chains Risk Assessment” IEEE Proceedings of the 10th International Confer- ence for Internet Technologies and Secure Transactions, London, U.K. 2015 Papastergiou, S., Polemi, D. and Papagiannopoulos I.. “Business and threat analysis of Ports’ Supply Chain Services”. Special Session on “Inno- vative Risk Management Methodologies and Tools for Critical Information Infrastructures (CII)” within the 6th International Conference on Digital Human Modeling and Applications in Health, Safety, Ergonomics and Risk Management (HCI International 2015), 2-7 August, 2015, Los Angeles, CA, USA. Polemi, N., Kotzanikolaou, P. “Medusa: A Supply Chain Risk Assessment Methodology, CSP Forum “ Cyber Security and Privacy Innovation Forum” 28-29/4/15 https://www.cspforum.eu/2015, Lecture Notes, Springer Verlag, 2015 Papastergiou, S. and Polemi, N. “Harmonizing com-mercial port security practices & procedures in Mediterranean Basin”. Special Session on “Secure and Sustainable maritime digital environment” within The Fifth International Conference on Information, Intelligence, Systems and applications (IISA 2014), July 07th 2014, Chania Crete, Greece. Papastergiou, S. and Polemi, N. “Harmonizing com-mercial port security practices & procedures In Mediterranean Basin” SSMDE: Secure and Sustainable maritime digital environment, IISA 2014, Springer Verlag 2014 Makrodimitris, G., Polemi, N., Douligeris, C. “Security Risk Assessment Challenges in Port Information Technology Systems”, Volume 441 of the Communi-cations in Computer and Information Science series., 2014. Pederson, P., Dudenhoeffer, D., Hartley, S., and Permann, M. “Critical Infrastructure Interde-pendency Modeling: A Survey of U.S. and International Research, INL, INL/EXT-06-11464, 2006. T. R. Peltier, “Information security risk analysis”, Auerbach Publications, 2001. Polemi, N. and Kotzanikolaou, P. (2015) “Medusa: A Supply Chain Risk Assessment Methodology”. In: Cyber Security and Privacy Forum (CSP2015), pp. 79-90, Springer International Publishing. Polemi, N., and Ntouskas, T., “Open Issues and Pro-posals in the IT Security Management of Commercial Ports: The S-PORT National Case”. SEC 2012: 567-572 Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K., “Identifying, Understanding and Analyzing Critical Infrastructure Interdependencies”, IEEE Control Sys- tems, Dec. 2001, 11-25 Zio, E., and Sansavini, G., “Modeling Interdependent Network Systems for Identifying Cascade-Safe Op-erating Margins Interdependency”, IEEE Transac-tions on Reliability, vol. 60, no. 1, March 2011. MEDUSA (Multi-ordEr Dependency approaches for managing cascading effects in ports’ global sUpply chain and their integration in riSk Assesment frame-works) http://medusa.cs.unipi.gr/ MITIGATE ( Multidimensional, integrated, risk assess-ment framework and dynamic, collaborative Risk Management tools for critical information infrastruc-tures) http://www.mitigateproject.eu/

47 TECHNOLOGICAL ISSUES

Dr Spyros Papastergiou, University of Piraeus Research Center, Greece

Dr. Spyridon Papastergiou has received B.Sc. in Computer Science, M.S. degrees in Advanced Information Systems (Network Infor- mation Systems) and Ph.D. in Security, Privacy and Interoperability of m/e-services from the University of Piraeus, Greece in 2004, 2005 and 2009 respectively. Since October 2005, he is security researcher in the University of Piraeus Research Centre and member of the Information Security Laboratory at the Informatics Dept. of the University of Piraeus. His research interests lie in the areas of security, privacy and interoperability of mobile/electronic services, strategies for the anonymization of e/m transactions as well as assessment and management of risks and threats associated with Critical Infrastructures; he has authored over 20 publications in these fields. He has been involved in a set of European (e.g. SELIS/eTen, SWEB/IST, ImmigrationPolicy2.0, CYSM, DAEDALUS, Medusa, MITIGATE and OPERANDO) and national research projects (e.g. PENED2003 and S-PORT) and has active participation in six Cyber Defence Exercises organized by the Hellenic National Defence General Staff (1st, 2nd, 3rd and 4th National Cyber Defence Exercises (“PANOPTIS 2010”, “PANOPTIS 2011”, “PANOPTIS 2013” and “PANOPTIS 2014”), ENISA (European cyber defence exercises (CyberEurope 2014)) and NATO (NATO «CYBER DEFENCE EXERCISE 2010 (NCDEX 10)). In addition, he has worked for more than 6 years as Security Consultant specializing in Information Security Technology Implementation and Integration and Risk and Vulnerability Assessment.

Associate Professor Nineta Polemi Director of UNIPI Security Lab, Department of Informatics, University of Piraeus

Associate Professor Nineta Polemi has obtained the Degree in Applied Mathematics from Portland State University (USA), Ph.D. in Applied Mathematics (Coding Theory) from The City University of New York (Graduate Center). She held teaching positions in Queens College, Baruch College of City University of New York and the State University of New York. She acted as President of the BoD and Technical Manager in the security consultancy company, Expertnet. She is currently an Associate Professor in the Univer- sity of Piraeus (Dept. of Informatics) teaching cryptography, security of ICT systems, port security and e-business & innovation. Her current research interests are in the fields of security and collaborative, trustworthy e/m-services. She has over one hundred publications in the above areas and has organised numerous security scientific international events. She has received many research grants from various organizations such as the Danish Research Foundation, MSI Army Research Office/Cornell University, IEEE, State University of New York (SUNY), and The Graduate School of City University of New York (CUNY). She has been project manager (PM) / technical manger (TM) in security projects of various programmes such as National Security Agency (NSA), NATO, Dr. Nuala McGann Drescher Foundation, Greek Ministry of Defence, INFOSEC, TELEMATICS for Administrations, the last three (5th, 6th, 7th) Framework and Horizon2020 Programmes of the European Commission (E.C.) She has acted as an expert and evaluator in the E.C. and the European Network and Information Security Agency (ENISA). She is the director of the UPRC Dept. of Informatics security graduate programme and she participates in the national and European cyber security exercises in the last four years. She has many publications on maritime cyber security issues.

48 HIGH VISIBILITY EVENTS

Visit of COM NATO Special Operations HQ (NSHQ), Vice Admiral Colin Kilrain USA (N), 16 Feb 17

Visit of COM Naval Special Warfare Command (NSW), Rear Admiral Tim Szymanksi USA (N), 24 Mar 17

49 HIGH VISIBILITY EVENTS

Visit of Supreme Allied Commander Transformation (SACT), General Denis Mercier FRA (AF), 30 May 17

8th NMIOTC Annual Conference, 06 - 08 Jun 17

50 HIGH VISIBILITY EVENTS

Visit of Her Excellency Ambassador of Austria, Andrea Ikić Böhm, 30 Jun 17

Visit of COM Allied Maritime Command, Vice Admiral Clive Johnstone CB CBE (RN), 30 Jun 17

51 NMIOTC TRAINING

Training of the Lybian Coast Guard (EUNAVFORMED SOPHIA) 30 Jan - 09 Feb 17

Exercise NOBLE DINA, 23 - 26 Mar 17

52 NMIOTC TRAINING

Operation Sea Guardian / Opposed Boarding Exercise, 28 Apr 17

Training of NLD Maritime - Land EOD Team, 08 - 19 May 17

53 NMIOTC TRAINING

NATO Maritime Operations LAW SEMINAR, 29 May - 02 Jun 17

Exercise ADRION 2017 21 - 29 Jun 17

54 55 Hellenic Army Printing Office Hellenic

NMIOTC/ΚΕΝΑΠ Souda Bay 732 00 Chania Crete, Hellas

Phone: +30 28210 85710 Email: [email protected] [email protected]

Webpage: www.nmiotc.nato.int