CitySCAPE
City-level Cyber-Secure Multimodal Transport Ecosystem
CitySCAPE will explore all different cybersecurity dimensions of multimodal transport. These dimensions will drive a characterization of the cyber-threats in the ICT multimodal transport, extended to the close-by power and financial sector. Innovative software tools will be introduced to estimate the cyber-threats propagation in the system.
The CitySCAPE Solution
CitySCAPE introduces innovative risk analysis techniques and orchestrates a number of software solutions to realize an interoperable toolkit that seamlessly integrates to any multimodal transport system.
More specifically, the CitySCAPE software toolkit will:
Detect suspicious traffic-data values and identify persistent cyber-threats
Evaluate a cyber-attack’s impact in both technical and financial terms
Combine external knowledge and internally-observed activities to enhance the predictability of zero-day cyber-attacks
Instantiate a networked overlay to circulate informative notifications to CERT/CSIRT and support their interplay.
Project Objectives
Project Objectives
- Enhance cybersecurity technologies in the multimodal passenger transportation ecosystem at city-level addressing users and data privacy concerns.
- Introduce risk analysis tools to identify cyber-threats and their propagation mechanism focusing on transport/digital infrastructure but also relevant in other NIS Directive critical sectors and assess the impact of a potential cyber-attack.
- Improve the proactive approach of handling cybersecurity challenges and actively contribute to the predictability of cyber-threats in (regional) multimodal transport systems
- Enhance end-user engagement towards the definition and provision of multimodal passenger transport requirements about digital security, privacy and personal data protection.
- Further strengthen the role of CERTs/CSIRTs by providing them with direct/real-time informative notifications about observed cybersecurity incidents and facilitate the collaborative investigation of incidents in line with the NIS Directive.
- Significantly contribute to multimodal transport standards and gain experimental evidence on the feasibility of security labelling in city-level multimodal transport.
- Showcase and validate the CitySCAPE solution efficiency in large scale pilot demonstrators involving all relevant entities and digital infrastructure of transport providers, under use cases of interest
- Analyse and outreach the multimodal transport security market to maximize the CitySCAPE footprint and exploitation.
Impact
Expected Impact
- CitySCAPE will offer the concrete technical basis for a unique opportunity of an efficient collaborative cyber-threat investigation among a broad set of CERTs/CSIRTs by introducing a platform capable of sharing information coming from different sources and therefore achieve the maximization of the CSIRT network added value; this helps realize the NIS Directive benefits and caters for future relevant legislation.
- CitySCAPE toolkit capabilities, relying on solid risk-analysis theoretical work and innovative online platforms for CSIRT collaborative incident investigation, will allow an accurate identification of so-far under-explored/hidden privacy risks serving the in-depth application of privacy-by-default principle and GDPR regulation in all city-level transportation stakeholders.
- With broad applicability over the whole spectrum of city-level transport cybersecurity challenges, CitySCAPE will introduce and validate an agile concept of a standalone interoperable solution to manage current cybersecurity/privacy risks across complex interconnected infrastructures, envisioning the concept’s broad adoption in the design of cybersecurity solutions, even beyond the city-level transport domain.
- A prominent CitySCAPE output will relate to the estimation of the cyber-attack impact on both technology and financial terms (of tangible/’non-tangible’ assets) that will drive a cost-benefit analysis on potential further investments to cybersecurity and privacy countermeasures; transport providers can take informed decisions and better protect their infrastructure and reputation due to CitySCAPE
- The CitySCAPE toolkit, backed-up by a solid vulnerability analysis, will be enabled to identify and track the potential path of a cyber-attack across the whole multimodal transport chain showcasing how a cyber-attack may unexpectedly affect modules that are not directly connected to its entry point; awareness of transport providers will therefore be raised.
- Beyond typical information sharing, the CitySCAPE capability of collaborative cyber-threat investigation will immediately strengthen the CERTs/CSIRTs link to the transportation stakeholders while the CitySCAPE dedicated security assurance framework will gradually reinforce trust links between transport actors.
- CitySCAPE will promote best practices in cybersecurity management solutions to the multimodal transport community and through training of security experts will seek to communicate their value and thus, increase their acceptance; similar messages will be transmitted to (public) transport authorities to shape security governance of transport organizations.
- CitySCAPE will leverage the standardization contributions and its training sessions as effective means to leverage the fast adoption of the cybersecurity and privacy best practises in the transport domain.
- CitySCAPE standardization will fill the gap in security labelling showcasing the solid basis of a mature EU market and rendering the compliance to standards a clear (future) path for commercial growth.
Consortium