Linkedin X-twitter

Control tower

The main concept developed in TRANSCEND is a modular Control Tower, a digital platform with embedded business intelligence to operationally implement policy measures and continuously monitor threats and risks. By combining multiple data streams collected from various sources, the platform will provide insights to better understand the current situation with a better visibility of potential risks, and make appropriate decisions, as well as make predictions about the future based on machine-learning and artificial intelligence. Besides increasing the visibility of each stakeholder of the business ecosystem (e.g. other CI operator, CI user), the Control Tower will provide an opportunity to share data and information with them.

Its primary aim is to advance the understanding, monitoring, and enhancement of ecosystem resilience, particularly in contexts where cargo integrity, rerouting, and infrastructure security are critical.

The TRANSCEND Control Tower consists of six main components:

Ecosystem Analysis

Resilience Assessment

Process Mining

Cargo Integrity Monitoring

Regional Orchestration

Security Incident Monitoring

Together, these modules contribute to a robust and scalable architecture of the Control Tower capable of supporting decision-makers in anticipating, managing, and recovering from disruptions, thereby strengthening the resilience and security of the Critical Infrastructure ecosystems. 

Rationale

Ensuring the resilience of Critical Infrastructures (CIs), particularly in the transport sector, has become increasingly vital. Today, there is a strong emphasis on securing information systems and effectively managing risks that could disrupt these essential services. Moreover, CIs are becoming progressively more interdependent across sectors; for example, energy is essential for telecommunications, which in turn supports logistics and transport operations. This growing interconnectedness increases systemic complexity and makes CIs more vulnerable to sophisticated cyber-physical attacks. As a result, understanding and modelling dependencies both across different sectors and domains, and within operators of the same CI, is not only required by regulations, but also crucial for improving preparedness, risk management, and coordinated incident response.

Objective

 The primary objective of the ecosystem modelling module is to analyse an ecosystem surrounding a CI as a whole and to provide the foundations for simulating potential impacts on the resilience of a supply chain composed of multiple entities (both internal and external to the CI) by propagating risk consequences across dependencies (domino effect).

Rationale

Operational resilience refers to an organization’s ability to anticipate, withstand, adapt to, and recover from disruptions that could impact its essential functions. A resilience module is crucial for predicting how terminal operations may be affected by potential threats. Additionally, this module helps terminal operators assess the timing of impacts in relation to the terminal’s performance. These metrics serve essential purposes: first, they enable operators to determine which resilience strategies should be implemented and when. Furthermore, they allow operators to compare the investments required for preparation, response, and recovery against the anticipated costs of disruptions. 

Objective 

The primary objective of the resilience modelling module is to receive early warning signals and based on the terminal current operational status, provide an estimation of the following metrics: 

  • Mean Time to Detected Failure (MTTDF). This measures the time it takes to identify a disruption or incident. In other words, this metric tells how much time is left between the moment the organization receives an early warning and the time the disruptive event takes place. 
  • Time to Survive (TTS). This represents how long an organization can continue operating during the disruption before reaching a critical failure point. 
  • Time to Recover (TTR). Time duration between the disruption and the recovery of the terminal back to normal conditions or adapting to a “new” normal. 
Rationale

Logistics operators have procedures and systems in place to manage their CIs, but over time, deviations from the intended processes often emerge unnoticed. These deviations can weaken operational resilience by introducing inefficiencies, vulnerabilities, or risks of non-compliance. Process mining offers a powerful solution by analysing the digital footprints (the event logs) left in information systems, providing operators with valuable insights into how processes are actually executed. This visibility helps identify non-compliant security operations, detect bottlenecks, and support continuous process improvement to finally build proactive operational resilience. In times of crisis, process mining can help rapidly identify issues, so the CI can find a solution and gets back on track quickly and smoothly.  

Currently, process mining and simulation of threat scenarios on processes are largely manual tasks. To improve responsiveness and user experience, a tool should automate the overall workflow, allowing for continuous monitoring and early risk detection. 

Objective 

The TRANSCEND module on the process mining will continuously ingests and preprocesses event log data from operational systems to enable automated process mining, real-time analysis, and scenario-based threat simulation modelling. The target processes address freight transport operations and security-related processes but it should be applicable to all kind of processes. 

Rationale 

At the Luxembourg airport Cargo Center, thousands of supply chains cross each other, and a vast array of commodities are handled, stored and processed in one single place. As a crossing point of various commodities that are sent to multiple destinations across the globe, it is a golden opportunity for criminals and terrorists to study and identify vulnerabilities that could help them inject prohibited items into the supply chain, from narcotics to guns via counterfeit goods for criminals to improvised destructive devices for terrorists. As a generic rule, air cargo should be secured, and from the moment it is secured, its integrity should be maintained until delivery. Traditional inspection methods, often reliant on manual checks or rule-based systems, struggle to keep pace with the scale and sophistication of modern threats.  

To address this challenge, an import/export anomaly detection tool becomes essential to flag suspicious transactions—such as unusual trade routes, uncommon commodity origins, or the sudden appearance of new shippers.  

Objective 

The TRANSCEND module on the cargo integrity is designed to analyse trade data to detect suspicious shipments indicative of fraud, smuggling, or other high-risk activities, enabling logistics operators to prioritise inspections and improve border security. This proactive and intelligence-driven approach significantly enhances risk detection, supports compliance with customs and security regulations, and enables logistics operators to focus resources on the most high-risk shipments. 

Rationale 

The intense freight activity of recent years has rendered the management of logistics nodes and transport routes increasingly intricate. The lack of seamless communication and visibility on the status of the terminal and truck and rail appointments among various stakeholders has given rise to bottlenecks, causing delays that reverberate across the entire supply chain (domino effects).

In the event of disruption or failure of critical elements caused by extreme events (cyber and/or physical), it is necessary to rapidly find alternate routes that can ensure the highest possible traffic throughflows. To address this challenge, information on the service level of the affected CI, as well as other available CI, should be made accessible to logistics operator to support the adjustment of transport plans.  

Objective 

The TRANSCEND module on the regional orchestration is designed to enhance communication between CI operators and CI users, addressing key operational challenges and improving overall efficiency. It supports the following essential needs: 

  • Enhancing transparency providing real-time visibility into the operational status and service levels of the CI, ensuring stakeholders have accurate and up-to-date information. 
  • Disruption management informing users about disruptive events to enable proactive decision-making. 
  • Dynamic rerouting assistance supporting carriers by providing alternative routing options in case of disruptions, ensuring minimal delays and maintaining supply chain continuity. 
  • Operational efficiency facilitating seamless coordination among CI operators, logistics service providers to reduce inefficiencies. 

The module will support operational efficiency in normal periods and improve preparedness and recovery when extreme events occur. 

Rationale

The Port of Valencia, one of Europe’s largest containers ports, stands as a pivotal gateway for world trade. Within this bustling port, the CSP terminal commands significance as the largest container terminal, serving as a critical nexus for trade activities. The burgeoning railway connection linking Valencia and Zaragoza has significantly bolstered traffic in recent years, augmenting the port’s regional importance. However, the heightened reliance on these infrastructures also underscores their vulnerability to potential threats, whether physical or cyber-attacks. A disruption to these key nodes could precipitate a substantial economic impact, jeopardising not only local but also regional and international trade flows. Recognising the interconnectedness of these operations, collaboration and seamless information exchange among the multifaceted entities involved in transport operations emerge as essential pillars of resilience, ensuring the continued smooth functioning and safeguarding against potential disruptions.  

Objective 

The TRANSCEND module on Security incident monitoring is designed to centralize any physical or cyber security event that could disrupt the nominal operation of the terminal. 

Linkedin-in X-twitter