The first pilot scenario was about testing and validating an initial version of the Cyber-MAR system in the scope of a cyber-attack scenario on the port authority’s electrical grid, in the Port of Valencia. The scenario was focused on the simulation of a remote access attack on the IT and OT infrastructure, and energy grid of the Port of Valencia. The first objective of this attack was to cut off the power supply to the port, by shutting down the grid management OT system, with the OT manager’s computer as the the original infection point. The second objective was to simulate a Ransomware attack triggered by the Command & Control server, that will cryptolock all workstations within the infrastructure of the port.

During the demo, the Cyber-MAR Cyber Range provided insights of the scenario through different points of view: from an attacker’s perspective and from a defender’s perspective using Intrusion Detection System (IDS) and SIEM.

More information about the first pilot demonstration can be found here.

The vessel scenario constituted a scenario where an attacker launched an attack that allowed him to temporarily alter the course of a large container vessel and in so doing cause a blockage on the approach channel.

Progression of Attack was broken down into a number of stages:

– Downloading and Propagation of Attack (Within IT Infrastructure)
– Installing and Initiating the Attack on Vessel Control Systems
– Attack realisation and crew response

More information about the second pilot demonstration can be found here.

This scenario presented and tested a combined attack targeting initially the SCADA system that controls the traffic around the train yard, aiming for a collision between heavy trucks and incoming trains, followed by the main attack to the port’s network, wiping out the entire network’s IT and OT infrastructure.

More information about the third pilot can be found here.