Why this challenge?
This Challenge forms part of a cybersecurity study in the port sector conducted by Naval-Group in partnership with GPMM.
The Challenge consists of developing a method for mapping all digital technical components in the port (digital equipment on the docks, crane equipment, gantries, electrical grid, computer system piloting containers, internal port computer systems, access control systems, etc.).
Identify and reference the digital port systems that are potential targets of cyberattacks.
Possess a set of methods/tools for mapping digital assets used in all port trades.
- Methodology to establish mapping of sensitive assets for all port systems.
- Qualify the methodology on one of the port systems to be defined (as a test).
- Use mapping (as exhaustive as possible) as a basic element for a risk analysis that constitutes the starting point for a cyber posture. Note that the risk analysis is a legal obligation for OVIs (Operators of Vital Importance).
Trial, resources and co‑innovation
Port video-surveillance digital systems; trial will consist of verifying the methodology with a practical case, a digital system identified during preparatory meetings for launching the Challenge.
Experimentation will then determine, for example, the gaps between the hard-copy mapping available and technical identification of all digital assets emerging from application of the methodology and tools. This will be used to validate the approach.
State of technical facilities available, made available by GPMM or its partners, to facilitate development of the methodology; technical and trade expertise
Specific guidance in innovation and co-innovation between the selected company and the extended group.
Profile for the expected startup
- Knowledge of IT-type as well as boarded or industrial (OT) digital systems as industrial automation
- Knowledge of mapping and analysis methodologies
- Possess the ANSSI PASSI qualification (or possibly pending approval).
Note as well that the systems mapping to be performed under the Challenge is a potentially sensitive component that must be protected. Security criteria will be required for company selection (such as PASSI – Prestataires d’Audit de la Sécurité des Systèmes d’Information certification). For this reason, the analysis results will be “RESTRICTED DISTRIBUTION” and protected by an NDA signed by stakeholders.