Guidance for ports: security and safety against physical, cyber and hybrid threats

The European Commission (EC) has funded the Scalable multidimensionAl sitUation awaReness sOlution for protectiNg european ports (SAURON) project to reduce the vulnerabilities of EU ports, as one of the main European critical infrastructures, and increase their systemic resilience in the face of a physical, cyber or combined cyber-physical threat. The goal of SAURON has been to provide a multidimensional yet installation-specific Situational Awareness platform to help port operators anticipate and withstand potential cyber, physical or combined threats to their businesses and to people. During the SAURON project port authorities and stakeholders stated that it would be very helpful to have generic guidance to help ports respond to the combined cyber-physical security threat. The goal of this paper is to help ports understand the hybrid cyber-physical security threat, and how to reduce port vulnerabilities, based on lessons from the SAURON project. The paper is structured in line with the International Ship and Port Facility Security (ISPS) Code Port Facility security assessment process, and relates port security planning based on the ISPS guidelines to insights and lessons from SAURON. This paper demonstrates the importance of understanding the interdependencies between the cyber and physical domains and improving security situational awareness when incidents (including deliberate attacks) cause cascading effects across these domains. Furthermore, the paper draws conclusions and makes recommendations to ports and policy makers to reduce the vulnerability of ports to hybrid cyber-physical attacks.