Neptargos Research Project
Cyber Security
Semester programme: Cyber Security
Project group members: Andonis Roosberg
Bruno Carvalho
Cejay Henry
Daniel Sales
Ivan Ivanov
Wassim Yahiaoui
Project description
Neptargos focuses on Dutch North Sea cyber-physical security, with the goal of identifying which cyber threat scenarios create the highest risk and how they can be modelled and prioritised. Our research questions cover (1) the current state of maritime cybersecurity in the Dutch North Sea, (2) the most critical cyber-physical assets and dependencies, (3) which threats matter most and should be prioritised, (4) which existing security solutions address these challenges, and (5) how resilience to key attack vectors can be tested. Domain: maritime critical infrastructure and cyber-physical systems (ports, vessels, offshore energy, subsea cables, and the supporting IT and OT environment).
Context
Neptargos sits in the Dutch North Sea maritime domain, where ports, shipping routes, offshore energy (wind, oil and gas), and subsea cables connect to each other through shared logistics and shared digital systems. Operations rely heavily on situational awareness and communications, for example AIS, GPS, satellite links, radio, and port and vessel networks. This connectivity improves efficiency, but it also creates wider attack paths and chain effects, where a problem in one organisation or system can trigger disruption in others.
Recent threat patterns relevant to this domain include service disruption (DDoS), initial access via phishing and social engineering, and ransomware or malware that interrupts operations and forces recovery work. The maritime setting adds extra risk from interference and spoofing, where trust in location and communication signals can be attacked, leading to confusion, unsafe routing decisions, or delayed response. Neptargos addresses the gap between cyber and physical security by bringing scenarios, dependencies, and testing methods together in a structured way that supports analysis, simulation, and prioritisation for blue team resilience.
Results
Main outcomes (products):
Research plan and research report covering the Dutch North Sea maritime environment, key assets, dependencies, threat patterns, and testing approaches aligned to the project research questions.
Scenario set (use cases) describing threat actors, targets, attack steps, assumptions, likely impacts, and what to measure during testing. Scenarios focus on recurring real-world patterns: DDoS disruption, phishing-led compromise, ransomware or malware disruption, and jamming or spoofing of communications and positioning signals.
Personas and user stories based on researched operational roles. These support storytelling in demos by keeping attention on what people see, decide, and do under pressure.
Proof-of-concept demo direction for a map-based dashboard that shows vessels, ports, and relevant infrastructure in the North Sea, and demonstrates simulated attack effects (for example service outage and spoofed situational awareness) to make chain effects visible.
Key insights:
The highest risk does not come from one isolated asset. It comes from dependencies across organisations and systems, where loss of availability or trust in data can spread fast (ports, suppliers, vessels, comms links).
The most relevant threats are the ones that scale and repeat across the domain: disruption (DDoS), access via people (phishing), and operational shutdown (ransomware or malware), plus interference and spoofing that target navigation and coordination.
Validation and TRL positioning:
Validation is based on iterative sprint reviews and stakeholder feedback, including the request to deliver detailed, comparable use cases and to focus on realistic scenarios with clear attack steps, assumptions, and impact.
The work sits around TRL 3 to 4: proof of concept with lab-based demonstration planning and scenario-driven modelling, but not tested in live operational environments or integrated into production systems.