ForCyS

Maritime infrastructures such as ports, shipping and offshore wind farms have become critical parts of modern societies. Their efficiency is continuously improved by means of automation and digitization. However, this comes at the cost of introducing cyber risks. The number and severity of successful cyber-attacks is constantly increasing with no change of trend in sight. This suggests most established cyber security practices do not meet the requirements of critical infrastructures and clearly indicates the urgent need for further research.

Goals and Methodology

The ForCyS project aims at the development of well-founded methodologies for the security evaluation of critical systems as a foundation for the future design and operation of cyber resilient maritime infrastructures. These methodologies will be specifically designed to remediate the imprecision, informality and the fragmented nature of most contemporary cyber security practices as far as possible. They will be embedded into a formal framework for the unification and analysis of models representing different views as required in the design, development and operation processes of critical systems. The unification of conceptually adjacent models will allow for the formal evaluation of complex properties across multiple domains, applications and layers of abstraction. It will also provide means of identifying missing links and underspecification, two major causes of ambiguities regarding the effectiveness of counter-measures and the significance of metrics in cyber security practices. As the models, transformations and calculations of the framework are specified and evaluated in a mathematically formal way, they will also serve as a toolset for the derivation of scientifically well-founded proof on the performance of cyber security practices.

Innovations and Perspectives

The formal methods developed as part of the ForCyS project enable novel technologies for cyber resilient maritime infrastructures. They should be employed to improve tools and workflows for system design, development and operation, as well as situational awareness platforms. Most importantly, they provide a well-founded basis for future cyber security research.