The European Commission (EC) has funded the Scalable multidimensionAl sitUation awaReness sOlution for protectiNg european ports (SAURON) project to reduce the vulnerabilities of EU ports, as one of the main European critical infrastructures, and increase their systemic resilience in the face of a physical, cyber or combined cyber-physical threat. The goal of SAURON has been to provide a multidimensional yet installation-specific Situational Awareness platform to help port operators anticipate and withstand potential cyber, physical or combined threats to their businesses and to people. During the SAURON project port authorities and stakeholders stated that it would be very helpful to have generic guidance to help ports respond to the combined cyber-physical security threat. The goal of this paper is to help ports understand the hybrid cyber-physical security threat, and how to reduce port vulnerabilities, based on lessons from the SAURON project. The paper is structured in line with the International Ship and Port Facility Security (ISPS) Code Port Facility security assessment process, and relates port security planning based on the ISPS guidelines to insights and lessons from SAURON. This paper demonstrates the importance of understanding the interdependencies between the cyber and physical domains and improving security situational awareness when incidents (including deliberate attacks) cause cascading effects across these domains. Furthermore, the paper draws conclusions and makes recommendations to ports and policy makers to reduce the vulnerability of ports to hybrid cyber-physical attacks.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
Tax calculation will be finalised during checkout.
Data availability (data transparency)
Data sharing is not applicable to this article as it is based on insights from work carried out in the SAURON project whose data is proprietary to the partners. Results that can be shared are reported at www.sauronproject.eu.
Code availability (software application or custom code)
Code sharing is not applicable to this article as it is based on insights from work carried out in the SAURON project which has used and developed modelling tools which are proprietary to the partners. Results that can be shared are reported at www.sauronproject.eu.
SAURON Horizon 2020 project, Grant agreement 740,477, May 2017–September 2020, Website: https://www.sauronproject.eu/.
For more information go to European Union Agency for Cyber Security Website: https://www.enisa.europa.eu/.
Austrian Institute of Technology SAURON propagation engine editor: https://atlas.ait.ac.at/sauron/.
Bring Your Own Device
Cyber Situational Awareness
Department of Transport, Tourism and Sport [Ireland]
Electronic Chart Display and Information System
European Union Agency for Cybersecurity
Emergency Population Warning System
General Data Protection Regulation
Hybrid Situational Awareness
Information and Communications Technology
Intrusion Detection System
International Maritime Organisation
Internet of Things
Intellectual Property Rights
International Safety Management
International Ship and Port Facility Security
Maritime Security Risk Analysis Model
Port Community System
Port Facility Security Assessment
Port Facility Security Officer
Physical Situational Awareness
Physical Security Information Management
Recognized Security Organization
Scalable multidimensionAl sitUation awaReness sOlution for protectiNg european ports
Security Management System
Security Operations Centre
Safety of Life at Sea
Terminal Operating System
Unmanned Air Vehicle
Adams N, Chisnall R, Pickering C, Schauer S (2020) How Port Security has to evolve to address the Cyber-Physical Security Threat: lessons from the SAURON project. Int J Transp Dev Integr 4:1. https://doi.org/10.2495/TDI-V4-N1-29-41
BBC News (2013) Police warning after drug traffickers' cyber-attack. https://www.bbc.co.uk/news/world-europe-24539417, 16 October 2013
Bell S (2013) Bullguard Blog, Cyber-attacks and underground activities in Port of Antwerp, https://www.bullguard.com/blog/2013/10/cyber-attacks-and-underground-activities-in-port-of-antwerp.html. Accessed 21 Oct 2013
Cooper D (2017) LCDR United States coast guard, United States Coast Guard Risk Management Overview, Presentation for Department of Homeland Security Summit. https://www.orau.gov/DHSsummit/presentations/March17/plenary/Cooper_Mar17.pdf
European Union Agency for Cyber Security (ENISA) (2019) Port Cybersecurity - Good practices for cybersecurity in the maritime sector
Hutchison Ports (2018) Press Release, Hutchison Ports rolls out Cyber-Security Recovery Programme, https://hutchisonports.com/media/stories/hutchison-ports-rolls-out-cyber-security-recovery-programme/
International Labour Organisation and International Maritime Organisation (2003) Working Group on Port Security, ‘International Ship and Port Facility Security Code and SOLAS Amendments 2002’
International Maritime Organisation Maritime Safety Committee, Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems, June 2017 and Circular MSC-FAL.1/Circ3 Guidelines on maritime cyber risk management, 2017
International Maritime Organisation (2018) IMO117Ee - International Safety Management Code (ISM) and Guidelines on Implementation of the ISM Code
Irish Government Department of Transport, Tourism and Sport: Maritime Security Ports Publications - Port Facility Security Assessment Checklist and Port Facility Security Assessment Template dated 31st January 2019 and updated Port Facility Plan and Port Security Plan dated 24th July 2019. http://www.dttas.ie/maritime/publications/english/maritime-security-ports-publications. Accessed Jul 2019
König S, Rass S, Rainer B, Schauer S (2019) Hybrid Dependencies Between Cyber and Physical Systems. In: Arai K, Bhatia R, Kapoor S (eds) Advances in Intelligent Systems and Computing, vol 998. Springer, Cham, Intelligent Computing. CompCom http://doi.org/10.1007/978-3-030-22868-2_40
König S, Gouglidis A, Rass S, Adams N, Smith P, Hutchison D (2020) Analysing disaster-induced cascading effects in hybrid critical infrastructures: a practical approach, chapter 31 of ‘guide to disaster-resilient communication networks’ Springer. https://doi.org/10.1007/978-3-030-44685-7
Munro K (2017) Pen test partners blog, maritime cyber security - Sinking container ships by hacking load plan software, https://www.pentestpartners.com/security-blog/sinking-container-ships-by-hacking-load-plan-software. Accessed 16 Nov 2017
Munro K (2018) Pen test partners blog, maritime cyber security - hacking, tracking, stealing and sinking ships, https://www.pentestpartners.com/security-blog/hacking-tracking-stealing-and-sinking-ships/. Accessed 4 Jun 2018
Proctor M (2012) In: Schürr A, Varró D, Varró G (eds) Drools: a rule engine for complex event processing; applications of graph transformations with industrial relevance, AGTIVE 2011, lecture notes in computer science, vol 7233. Springer, Berlin. https://doi.org/10.1007/978-3-642-34176-2_2
SAURON (2018) First Newsletter. https://www.sauronproject.eu. Accessed Sept 2020
SAURON (2019) Second newsletter. https://www.sauronproject.eu. Accessed Sept 2020
SAURON (2020a) Piraeus Port Pilot Demonstration Presentation: Video and Slides. https://www.youtube.com/watch?v=J9qH1x3GmSQ&feature=youtu.be. Accessed Sept 2020
SAURON (2020b) Third Presentation of Valencia Port project Pilot. https://www.sauronproject.eu. Accessed Sept 2020
The Indian Express (2017) PTI: New malware hits JNPT operations as APM Terminals hacked globally, https://indianexpress.com/article/india/cyber-attack-newmalware-hits-jnpt-ops-as-apm-terminals-hacked-globally-4725102/
UK Department for Transport and UK Civil Aviation Authority (2018) Framework for an Aviation Security Management System (SeMS)
UK Home Office and Department for Transport (2010) Airport Security Planning Quick Guide
This work was supported in part by the EC SAURON project (http://sauronproject.eu) under grant agreement No. 740477 addressing the topic CIP-01-2016-2017. The authors would like to thank other SAURON project members for their valuable insights.
This work was supported in part by the European Commission SAURON project (http://sauronproject.eu) under grant agreement No. 740477 addressing the topic CIP-01-2016-2017.
Conflicts of interest/Competing interests (include appropriate disclosures)
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Adams, N., Chisnall, R., Pickering, C. et al. Guidance for ports: security and safety against physical, cyber and hybrid threats. J Transp Secur (2021). https://doi.org/10.1007/s12198-021-00234-6
- Port security
- Cyber security
- Physical security
- Cyber-physical security
- Situational awareness
- Critical infrastructure