MITIGATE: a dynamic supply chain cyber risk assessment methodology

Stefan Schauer, Nineta Polemi, Haralambous Mouratidis

Research output: Contribution to journal, Article, Research, peer-review

Abstract

Modern port infrastructures have become highly dependent on the operation of complex, dynamic ICT-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape and many ports are not yet fully prepared for that. Furthermore, these supply chains represent a highly interrelated cyber ecosystem, in which a plethora of distributed ICT systems of various business partners interact with each other. Due to these interrelations, isolated threats and vulnerabilities within a system of a single business partner may propagate and have cascading effects on multiple other systems, thus resulting in a large-scale impact on the whole supply chain. In this context, this article proposes a novel evidence-driven risk assessment methodology, i.e., the MITIGATE methodology, to analyze the risk level of the whole maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. As a major benefit, the methodology provides a constantly updated risk evaluation not only of all cyber assets within each business partner in the supply chain but also of the cyber interconnections among those business partners. Additionally, the whole process is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. The main goal of the MITIGATE methodology is to support the port authorities as well as the risk officers of all involved business partners.

Original language: English
Pages (from-to): 1–35
Journal: Journal of Transportation Security
Volume: 12
Issue number: 1-2
DOIs: 10.1007/s12198-018-0195-z
Publication status: Published - 1 Sep 2018

Keywords

  • Cascading effects
  • Critical information infrastructures (CIIs)
  • Maritime supply chain services
  • Risk assessment

Cite this

@article{c7fc2c51ec5f40bd8e38dfdf0db8b21a,
title = "MITIGATE: a dynamic supply chain cyber risk assessment methodology",
keywords = "Cascading effects, Critical information infrastructures (CIIs), Maritime supply chain services, Risk assessment",
author = "Stefan Schauer and Nineta Polemi and Haralambous Mouratidis",
year = "2018",
month = "9",
day = "1",
doi = "10.1007/s12198-018-0195-z",
language = "English",
volume = "12",
pages = "1–35",
journal = "Journal of Transportation Security",
issn = "1938-7741",
number = "1-2",
}

MITIGATE: a dynamic supply chain cyber risk assessment methodology. / Schauer, Stefan; Polemi, Nineta; Mouratidis, Haralambous.

In: Journal of Transportation Security, Vol. 12, No. 1-2, 01.09.2018, p. 1–35.

TY - JOUR
T1 - MITIGATE
T2 - a dynamic supply chain cyber risk assessment methodology
AU - Schauer, Stefan
AU - Polemi, Nineta
AU - Mouratidis, Haralambous
PY - 2018/9/1
Y1 - 2018/9/1
KW - Cascading effects
KW - Critical information infrastructures (CIIs)
KW - Maritime supply chain services
KW - Risk assessment
UR - http://www.scopus.com/inward/record.url?scp=85053239560&partnerID=8YFLogxK
U2 - 10.1007/s12198-018-0195-z
DO - 10.1007/s12198-018-0195-z
M3 - Article
VL - 12
SP - 1
EP - 35
JO - Journal of Transportation Security
JF - Journal of Transportation Security
SN - 1938-7741
IS - 1-2
ER -