How Port Security Has to Evolve to Address the Cyber-Physical Security Threat: Lessons from the Sauron Project


N.P.H. Adams, R.J. Chisnall, C. Pickering, S. Schauer

InnovaSec Ltd, UK

Austrian Institute of Technology, Austria

Page: 29-41 | DOI: https://doi.org/10.2495/TDI-V4-N1-29-41

© 2020 IIETA. This article is published by IIETA and is licensed under the CC BY 4.0 license (http://creativecommons.org/licenses/by/4.0/).

OPEN ACCESS

Abstract: 

Ports are organisationally complex critical infrastructures that have to deliver reliable movement of goods and the safe transport of people. The EU is concerned that there is an increasing number of cases where ports have been subject to combined attacks on their IT and physical infrastructure for criminal gain or other malign purposes. The European Commission has funded the SAURON project (Scalable multidimensionAl sitUation awaReness sOlution for protectiNg European ports) to help protect European ports from a physical, cyber or a combined cyber-physical attack. The aim of this paper is to provide guidance on how port security needs to evolve to respond to the cyber-physical security threat, drawing on concepts developed in SAURON. This paper reviews the current port security approaches and the cyber-physical security threat and then assesses how new systems and technologies under development, including SAURON technologies, may help to reduce port vulnerabilities. For example, to detect combined attacks on port infrastructure in the physical and cyber domains and identify the cascading effects of an incident in both domains to enable effective countermeasures, the SAURON hybrid situational awareness tool incorporates inputs from the physical and cyber domains and analyses their interdependencies. The goal is that once a physical and/or cyber threat is detected, the potential consequences including cascading effects in both planes will be automatically shown to decision-makers in order to give them integrated situational awareness of what is happening and how the situation could evolve, thus supporting decision-making. The benefits of such approaches are described. 
Security technologies need to be complemented by effective security processes operated by personnel with appropriate training: the paper uses results of a table-top exercise supported by analysis of port user requirements to identify the importance of multidisciplinary training in combatting complex combined cyber-physical security threats.

Keywords: 

port security, cyber security, physical security, cyber-physical security, situational awareness, training
