MITIGATE: a dynamic supply chain cyber risk assessment methodology

Stefan Schauer, Nineta Polemi, Haralambous Mouratidis

Research output: Contribution to journal, Article

Abstract

Modern port infrastructures have become highly dependent on the operation of complex, dynamic ICT-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape and many ports are not yet fully prepared for that. Furthermore, these supply chains represent a highly interrelated cyber ecosystem, in which a plethora of distributed ICT systems of various business partners interact with each other. Due to these interrelations, isolated threats and vulnerabilities within a system of a single business partner may propagate and have cascading effects on multiple other systems, thus resulting in a large-scale impact on the whole supply chain. In this context, this article proposes a novel evidence-driven risk assessment methodology, i.e., the MITIGATE methodology, to analyze the risk level of the whole maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. As a major benefit, the methodology provides a constantly updated risk evaluation not only of all cyber assets within each business partner in the supply chain but also of the cyber interconnections among those business partners. Additionally, the whole process is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. The main goal of the MITIGATE methodology is to support the port authorities as well as the risk officers of all involved business partners.

Original language: English
Pages (from-to): 1–35
Journal: Journal of Transportation Security
Volume: 12
Issue number: 1-2
Publication status: Published - 1 Sep 2018

Keywords

  • Cascading effects
  • Critical information infrastructures (CIIs)
  • Maritime supply chain services
  • Risk assessment
