Introduction

EU Critical Infrastructures (CIs) are becoming more and more vulnerable to physical and cyberattacks as well as natural disasters. Research and newly developed solutions focus on the protection of individual CIs; however, as most CI interrelationships have grown more intricate and rely on interconnected networks and devices, a failure in one critical sector may result in cross-sector—or even cross-border—cascading effects. The lack of proper awareness makes it difficult for operators to anticipate risks, protect the CI’s critical services, and enable rapid recovery in the event of disruptions.

Through the application of the PRECINCT project’s methodological framework and the technological solutions developed, the work presented in this paper concentrates on improving the phases of crisis management that deal with the preparedness and response capabilities of interconnected CIs operating in the same geographical area. In this regard, two of the three main tools are described, namely the Digital Twin and its components, along with the Coordination Center, which provides a common situational awareness picture to all relevant stakeholders involved during a crisis.

The findings and developments presented are linked with the EU-funded project PRECINCT, which aims to link private and public CI stakeholders in a geographic area to a common cyber-physical security management approach, resulting in a protected area for people and infrastructure.

Methodology

PRECINCT [1] will develop a comprehensive Ecosystem Platform, connecting various stakeholders of interdependent CIs and Emergency Services, enabling them to collaboratively manage security challenges and enhance their resilience against hybrid attacks. The overall goal is to provide new services and capabilities to CI operators, utilizing Artificial Intelligence (AI) and Machine Learning (ML) techniques, for the early detection and management of cyber-physical threats, thus strengthening CI defenses against vulnerabilities.

The project’s research has been conducted along this line in the following areas:

Understanding

PRECINCT uses State of the Art (SOTA) modeling techniques to precisely determine the present and future risks in territory-based interdependent CIs under various multihazard conditions and configurations, to gain a deeper understanding of interdependent CIs. A key goal is to enable CI actors to anticipate sophisticated attacks, detect anomalies, and incentivize optimized command structures and coordinated responses between CIs and first responders, thereby minimizing cascading effects and allowing rapid recovery.

Improving

The Digital Twins will help improve accuracy and automation in identification, remediation, and threat elimination. The application of Digital Twins to multihazard risk management yields a circular process of anticipating, preventing, protecting, and responding during events as well as recovering and learning after events.

Sustaining

Modeling CI interdependencies to identify, forecast, or simulate potential cascading effects has limitations in identifying vulnerabilities in complex and codependent CI threat contexts. The threat landscape is dynamic, reshaped by new exploits appearing weekly and by the ingenuity of attackers in finding new and creative angles of attack; static and dynamic modeling approaches therefore require considerable time and effort to maintain.

By the end of the project, through a series of validation scenarios demonstrated in four Living Labs (LL), the project will produce tools that are ready for use. The current paper mainly focuses on the demonstrations of the Athens LL, involving several operators, i.e., the Athens International Airport, Attikes Diadromes S.A., and Attiko Metro S.A., with the end goal of increasing the involved CIs’ overall resilience against cyber-physical incidents affecting urban transport. Since the Athens LL participants represent the city’s main transportation system (the rail and road network along the Athens Airport/Attiki Odos corridor as well as the urban rail and road network), serving a population of over 4 million that is typically visited by more than 25 million people annually, the demonstration represents a difficult but essential case for resilience management of interconnected transportation systems, as well as for demonstrating the efficiency and importance of the PRECINCT tools.

PRECINCT Living Lab Athens: Threat Scenario and Digital Twin Architecture

The main threat scenario created and tested by the end users of the Athens LL revolves around a coordinated cyber-physical terrorist attack against the Athens International Airport, the cascading effects of these attacks in the surrounding vicinity, and their effects on the other interconnected Critical Infrastructures in the area.

In more detail, the threat scenario starts when the terrorist party collaborates with an airport third-party vendor and manages to install malware and infiltrate airport critical systems such as the Access Control (AC) and the Flight Information Display (FID). Following this, the attackers can move undetected within the airport and strategically place baggage containing Improvised Explosive Devices (IEDs) in critical areas as well as in the adjoining metro station. In the last step, in order to maximize damage and casualties, the attackers try to steer people situated in the airport premises toward the explosive locations through fake announcements and information displayed on the airport’s information display screens. Upon confirmation of the attack, the airport’s crisis management procedures are activated and all the relevant parties are notified, including the critical infrastructures operating in the same geographical area (i.e., Attiko Metro and Attikes Diadromes).

In response to this situation, Attikes Diadromes displays, through its road Video Message Screens, instructions alerting road users to avoid proceeding to the Airport, and deploys and coordinates road patrols, through its Traffic Management Center, to reroute traffic away from road lanes and exits close to the airport. Additionally, once the incident has been confirmed, the Metro Operation Center advises train drivers to stop at the closest railway station and suspends operations on the suburban metro segment leading to and from the airport. Finally, the Airport’s Police, with the assistance of terminal and security staff, proceed with the passenger evacuation process and assist passengers in leaving the airport premises safely.

Under this context, and given the identified needs of the Athens CI operators, the PRECINCT Digital Twin solution aimed at improving end users’ capabilities to detect cyber-physical threats in their installations/systems, supporting the efficient and timely exchange of information among CI stakeholders, and finally supporting efficient decision-making. The developed Athens Digital Twin ecosystem offers an integrated solution, utilizing cutting-edge modeling and simulation technologies, for resilience management against cyber-physical threats and their cascading effects in the interconnected infrastructures, as explained below.

To begin with, the deployed Digital Twin Cyber Security and Detection layer consists of the following three components: (i) Security and Privacy Monitoring, (ii) Root Cause Analysis (RCA), and (iii) Test and Simulation (TaS). The goal of these components is to monitor the status of the CIs’ network traffic and Internet of Things (IoT) devices in order to detect anomalies or relevant cyberattacks against them using Machine Learning (ML) techniques. Furthermore, the Athens Digital Twin includes a Knowledge Graph acting as a database that consumes and connects the heterogeneous datasets and information provided by the participating CIs’ sources, and that produces alerts upon receiving abnormal values as input from them.

The developed PRECINCT Athens DT Complex Event Processing component combines and fuses the different cyber-physical threats or alerts detected by the other components at a deeper level, helping the CIs’ operators gain a more accurate understanding of the situation and the events occurring. The Cascading Effect Simulation Engine allows the user to model how a threat, or a combination of attacks, may spread, have cascading consequences, and affect the Athens transport network/CIs region.
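The two preceding paragraphs describe a three-stage chain: per-source abnormal-value alerts from the Knowledge Graph, fusion of those alerts into composite cyber-physical events by the Complex Event Processing component, and propagation of the resulting service loss through the Cascading Effect Simulation Engine. The following toy implementation is an added example written for this chapter and is not PRECINCT project code; the component names, the z-score threshold rule, the time-window fusion rule, the dependency graph between the airport terminal, its metro station and the Attiki Odos exits, the loss fractions, and all telemetry values are constructed assumptions chosen only to illustrate the mechanism.

```python
"""Toy Digital Twin pipeline: anomaly detection -> event fusion -> cascade.

Added illustration only; not PRECINCT project code. Component names, the
dependency graph, thresholds and all readings are constructed assumptions.
"""
from collections import deque
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Alert:
    ts: int       # seconds since scenario start (constructed timeline)
    source: str   # CI system that raised the alert
    domain: str   # "cyber" or "physical"
    detail: str


def zscore_alerts(readings, source, domain, baseline_n=10, k=3.0):
    """Knowledge-graph-style abnormal-value rule: learn mean/std from the first
    baseline_n (ts, value) samples, alert when a later sample deviates by more
    than k standard deviations from the baseline mean."""
    base = [v for _, v in readings[:baseline_n]]
    mu, sigma = mean(base), pstdev(base)
    alerts = []
    for ts, v in readings[baseline_n:]:
        anomalous = (v != mu) if sigma == 0 else abs(v - mu) / sigma > k
        if anomalous:
            alerts.append(Alert(ts, source, domain,
                                f"{source}: value {v} outside baseline mean {mu:.1f}"))
    return alerts


def fuse(alerts, window=600):
    """CEP rule: a physical alert preceded within `window` seconds by cyber
    alerts from a different source becomes one high-severity composite incident."""
    ordered = sorted(alerts, key=lambda a: a.ts)
    incidents = []
    for i, phys in enumerate(ordered):
        if phys.domain != "physical":
            continue
        causes = [a for a in ordered[:i]
                  if a.domain == "cyber" and a.source != phys.source
                  and phys.ts - a.ts <= window]
        if causes:
            incidents.append({
                "ts": phys.ts,
                "severity": "high",
                "sources": sorted({a.source for a in causes} | {phys.source}),
                "evidence": [a.detail for a in causes] + [phys.detail],
            })
    return incidents


# Constructed dependency graph: u -> (v, frac) means v depends on u and
# inherits `frac` of u's service loss.
DEPENDS = {
    "AIA_terminal": [("AIA_metro_station", 0.9), ("AttikiOdos_airport_exit", 0.6)],
    "AIA_metro_station": [("Metro_suburban_segment", 0.7)],
    "AttikiOdos_airport_exit": [("AttikiOdos_mainline", 0.3)],
}


def cascade(graph, origin, loss=1.0, threshold=0.2):
    """Cascading-effect simulation: propagate service loss breadth-first, keep
    the worst loss seen per node, and drop effects below `threshold`."""
    impact = {origin: loss}
    queue = deque([origin])
    while queue:
        u = queue.popleft()
        for v, frac in graph.get(u, []):
            new = impact[u] * frac
            if new >= threshold and new > impact.get(v, 0.0):
                impact[v] = new
                queue.append(v)
    return impact


# Constructed telemetry: badge rejects per minute at the airport access-control
# system (cyber) and passenger count on the airport metro platform (physical).
AC_BADGE_REJECTS = [(t * 60, v) for t, v in enumerate([2, 3] * 5 + [2, 3, 20, 25])]
METRO_PLATFORM_COUNT = ([(t * 60, v) for t, v in enumerate([100, 110, 90] * 3 + [100])]
                        + [(600, 105), (900, 400)])


def run_scenario():
    """Run detection, fusion and cascade on the constructed data."""
    alerts = (zscore_alerts(AC_BADGE_REJECTS, "AIA_access_control", "cyber")
              + zscore_alerts(METRO_PLATFORM_COUNT, "AIA_metro_station", "physical"))
    incidents = fuse(alerts)
    # A confirmed incident in the terminal area is simulated as loss at AIA_terminal.
    impact = cascade(DEPENDS, "AIA_terminal") if incidents else {}
    return alerts, incidents, impact


if __name__ == "__main__":
    alerts, incidents, impact = run_scenario()
    for a in alerts:
        print(f"[{a.ts:4d}s] {a.domain:8s} {a.detail}")
    for inc in incidents:
        print("INCIDENT", inc["severity"], inc["sources"])
    for node, loss in sorted(impact.items(), key=lambda kv: -kv[1]):
        print(f"{node:26s} service loss {loss:.0%}")
```

The design choice worth noting is that fusion only fires when the cyber and physical alerts come from different sources within the window; a burst of badge rejects alone, or an overcrowded platform alone, stays a single-domain alert, which is what keeps the composite "coordinated cyber-physical incident" from being raised on routine noise. The cascade stops at a minimum loss threshold so that distant, weakly coupled nodes (here the Attiki Odos mainline) are not reported as affected.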

In addition, the Digital Twin incident reporting feature and the integration with the Hellenic Coordination Center for Critical Infrastructure Protection (H3CIP) [2], as demonstrated in the Athens LL, sought to provide a common operational picture in near-real-time to all stakeholders connected to the H3CIP platform; to support the exchange of information among the participating AMETRO, AIA, and ATTIKES DIADROMES operators during an incident; and to facilitate coordination among the involved stakeholders during a crisis. Finally, the Digital Twin Supervisory Resilience Control component supports the end users’ decision-making by providing a list of optimal mitigation actions, using Machine Learning (ML) and Artificial Intelligence (AI) algorithms, for minimizing the impact of the cascading effects and restoring the nodes of the network.

Concluding, as can be seen in Table 12.1, the developed DT comprises various components clustered in three high-level modules: (i) a Cyber Detection module, where the network traffic and other CI data are analyzed to detect possible threats; (ii) a Preparedness and Alerting module, consolidating all information and providing the CI operators with a single user interface for increased situation awareness as well as simulation of threats and their cascading effects; and (iii) a Response and Coordination module to support crisis management procedures with decision support and other tools.

Table 12.1 PRECINCT LL digital twin components

PRECINCT Athens LL User Experience Evaluation

The design of PRECINCT considered user satisfaction as one of the top priorities, and one of the main goals of the Living Lab study was to thoroughly assess it. The PRECINCT questionnaires were produced from standardized questionnaires for assessing user satisfaction, acceptability, and system usability during the PRECINCT project’s LL research. They were designed by relying on existing standardized questionnaires such as the System Usability Scale (SUS) [3], the Software Usability Measurement Inventory (SUMI) [4], and the Computer System Usability Questionnaire (CSUQ) [5], which have been used in various studies [6]. The questionnaires were organized around the dimensions of usability recommended by ISO/IEC TR 25060:2010 [7] and ISO 9241-11:2018 [8], and the quality requirements recommended by ISO/IEC 25010:2011 [9], namely: effectiveness (accuracy and completeness with which users achieve specified goals); efficiency (resources expended in relation to the accuracy and completeness with which users achieve goals); and satisfaction (extent to which the product or service meets the user’s needs and expectations). Other metrics such as ease of learning were also considered.

The main objective of the PRECINCT User Experience evaluation was to collect end users’ (transport operators, cyber-physical security professionals, etc.) feedback in order to identify needs for further optimization of the PRECINCT framework. Participants could respond on a Likert scale ranging from 1 to 5, with 1 indicating “strongly disagree” and 5 indicating “strongly agree.” Scores above 3 are considered positive replies; nevertheless, each answer is evaluated independently based on the type of question. The findings reported in this section are based on responses from fourteen (14) survey participants in the Athens LL. The mean Likert-scale score of the responses received for each question, as well as the Standard Deviation (SD) value, are used to draw conclusions. End users were given questionnaires to fill out after (posttest) using the PRECINCT framework, to assess their experience. The results are as follows:

Survey Results of the Entire PRECINCT Framework

Based on the survey, most participants found that PRECINCT is an acceptable solution to improve the capabilities of end users to manage cyber-physical threats more efficiently (4.20|SD = 0.79). Most of them agreed that PRECINCT could improve the operational resilience in the CIs’ region (4.30|SD = 0.67), could increase the accuracy of cyber and/or physical threat detection (4.30|SD = 0.82), could enhance the response and mitigation actions taken by the stakeholders during and after a crisis (4.10|SD = 0.88), and that understanding of the interdependencies and cascading effects among the various CIs engaged in a crisis could be improved by PRECINCT (4.30|SD = 0.67). This is very encouraging feedback, because the end users attest to the PRECINCT framework’s ability to achieve the project’s primary goals. The worst-rated statement was “It is easy to integrate the PRECINCT framework with the current systems in my organization” (3.40|SD = 0.70), which is still positive feedback. Given the difficulty of integration in present operating settings and the changes it requires, this lower rating was to be expected.

Survey Results of Digital Twin (DT) Framework by End Users

On top of the entire PRECINCT framework evaluation documented in the previous section, the Digital Twin (DT) has been evaluated separately. The metrics considered were related to the perception of errors, comprehension of objectives, the level of completed objectives, the ease of learning, and basic subjective user satisfaction metrics.

Based on the survey, the majority of the participating end users understood the objectives of the DT (4.40|SD = 0.70); they agreed that the DT correctly identified (4.26|SD = 0.63) and correlated the cyber and/or physical threats (4.20|SD = 0.63), and that the statements of the threat scenarios were easy to understand (4.30|SD = 0.67). They also agreed that the results of the demonstration were appropriate to the threat scenario(s) presented (4.20|SD = 0.74) and that the DT is overall a significant improvement compared to their current methodology (4.40|SD = 0.70). Based on the answers to the basic subjective user satisfaction questions, the DT managed to meet user expectations. The majority of participants were satisfied with how simple it was to use the DT (4.00|SD = 0.82) and how simple it was to acquire significant insights from the data shown through the DT user interface (4.20|SD = 0.63).

Conclusions

Based on the feedback received from Athens Living Lab operators (e.g., operations, networks, security, crisis managers, etc.) and the associated risk analysis, the key challenges and responsibilities they face are the early detection of threats and assessment of the damage; ensuring business continuity and public safety in the event of an incident; mobilization of crisis management teams and emergency plans; and coordination with first responders and implementation of recovery actions. Therefore, protecting critical infrastructure against complex and hybrid cyber-physical threats requires a comprehensive framework for modeling these attacks and their potential impact, as well as providing new tools and enhanced capabilities to the end users for managing them and for coordination.

The PRECINCT Framework aims to establish a unified and holistic approach to managing cyber-physical attacks in order to address the multifaceted challenges outlined above. This was achieved in the LL through the DT solution, which enables the various CIs and first responders to have a common and holistic situational awareness picture of the area. This is accomplished by integrating sophisticated algorithms, real-time data analysis, and simulation-based capabilities, as well as facilitating communication among them using a robust and secure platform to exchange messages and alerts.

According to the overall user experience evaluation findings, the PRECINCT framework is approved by the system’s intended end users and managed to meet their expectations. Regarding the DT, the survey demonstrated that the DT performed all the tasks it was designed for, supporting the operators in their further investigation and response actions in the context of the Athens LL threat scenarios. All the incidents identified by the DT were received with almost no delay and provided the operators with all the details they needed to proceed with their standard operating procedures. The operators agreed that PRECINCT is an acceptable solution to improve the capabilities of end users to manage cyber-physical threats more efficiently, and that the framework could enhance the response and mitigation actions taken by the stakeholders during and after a crisis. The validation results demonstrate the usefulness of such a framework, improving the collaboration among the several stakeholders involved during a crisis compared to the current situation. At the same time, the PRECINCT interface proved to be user-friendly and intuitive, providing the right information to the users during their operations.

In conclusion, the PRECINCT framework has successfully brought together private and public stakeholders operating within the same geographic region within LL3 to effectively respond to and mitigate threats, thus enhancing the overall security of the citizens in the area.