Introduction of a Novel Risk based Approach in the Multimodal Transport Cyber Security Ecosystem

Context

The security of assets, services and people is threatened every day by intentional and unintentional events that can undermine their stability and integrity. Cyber threats are among these events and, in an increasingly digital and connected world, cybersecurity becomes an aspect of fundamental importance.

To get the scale of the problem, more than 800 million of malware infections were recorded in 2018 and the trend has increased during the last year as effect of the pandemic situation. In fact, this argument has been exploited to create a new attack scheme based on phishing emails with fake news about COVID-19 and with communications sent by fake representatives of the World Health Organization (WHO) in order to be more misleading for the users (as reported by Purplesec).

This and other attack methodologies are applied horizontally to different contexts and to different target profiles. These also include assets and subjects involved in strategic services, such as those in the transport sector. In this framework, CitySCAPE fits with the objective to provide a platform that offers high levels of security based on the NIS directive and other international standards (including ISO 27001). CitySCAPE will support companies and organizations in the transportation world to detect, identify and counter cyber-attacks. Furthermore, thanks to evaluation tools, it will be possible to evaluate the level of protection and optimally plan cybersecurity in order to limit as much as possible the negative impacts on the company and on the end users of the services offered.

CitySCAPE Financial impact and cost-benefit assessment

The CitySCAPE platform is consisting of different modules aimed assess the cybersecurity levels of the public transport organizations. Among these modules, STAM will strictly collaborate at the development of FIMCA (Financial impact and cost-benefit assessment) with the partners of the project, and especially with Engineering. FIMCA is a tool designed to assess the potential financial impact associated to the cyber-threats both on tangible and intangible assets. Indeed, the impact will be estimated considering:

  • The economic losses due to the disruption of a service.
  • The physical damage on the assets (i.e., repair and replacement costs).
  • The impact on the brand, reputation and human capital.
  • The security measures adopted.

FIMCA will base its assessments on the results of RITA’s risk assessment (i.e. Risk Analysis and Impact Assessment Tool) which will be used to estimate the economic impact. Thanks to FIMCA, the user will be able to evaluate possible solutions to reduce the financial impact. The user can create new configurations characterized by different security measures applied to the assets present. The selection of the security measures and the creation of the configuration are supported by FIMCA with different freedom degrees:

  • The user can manually select possible countermeasures for each asset of the organization. These are displayed in a table that the user can filter or sort according to her/his priorities, so as to more easily identify the most suitable ones.
  • The user can rely on the optimization algorithm embedded within the FIMCA calculation engine, able to provide some bundles consisting of a set of suggested countermeasures aimed at minimizing the financial impact and the overall risk. The user is free to apply the bundle and to modify it according her/to his priorities.

The new configurations created by the user will take into account the costs for the implementation and for the maintenance of the new countermeasures, which are key factors for a cost-benefit analysis.

Once the configurations are created, they will be shared with RITA to assess the related risk. As in a cyclical process, the results of the risk assessment produced by RITA will be processed again in FIMCA to carry out a quantitative risk assessment and an estimate of the financial impact for each configuration.

The cost-benefit analysis will be performed among the configurations created by the user. In order to assess the cost-effectiveness of the new configuration, FIMCA will compare the initial configuration with the new ones, taking into account both the financial impact calculated through RITA and the cost of the investment necessary for the implementation of the security measures.

FIMCA will be then a cost-benefit analysis tool based on an innovative, approach aimed to increase the cybersecurity awareness of organizations. FIMCA will support the user in the decision process, providing and suggesting a framework of applicable solutions with the aim of reducing the risk and the associated financial impact. The consideration of tangible and intangible assets makes it possible to take into consideration all the elements involved in the economic evaluation. Indeed, if for tangible assets it is almost exclusively a mere assessment of the economic damage to services or assets / data, in the case of intangible assets it is a question of estimating the impact on reputation and the damage to image which must also be quantified.