IDEAS home Printed from https://ideas.repec.org/a/spr/jtrsec/v12y2019i1d10.1007_s12198-018-0195-z.html
   My bibliography  Save this article

MITIGATE: a dynamic supply chain cyber risk assessment methodology

Author

Listed:
  • Stefan Schauer

    (Austrian Institute of Technology)

  • Nineta Polemi

    (European Commission)

  • Haralambos Mouratidis

    (University of Brighton)

Abstract

Modern port infrastructures have become highly dependent on the operation of complex, dynamic ICT-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape and many ports are not yet fully prepared for that. Furthermore, these supply chains represent a highly interrelated cyber ecosystem, in which a plethora of distributed ICT systems of various business partners interact with each other. Due to these interrelations, isolated threats and vulnerabilities within a system of a single business partner may propagate and have cascading effects on multiple other systems, thus resulting in a large-scale impact on the whole supply chain. In this context, this article proposes a novel evidence-driven risk assessment methodology, i.e., the MITIGATE methodology, to analyze the risk level of the whole maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. As a major benefit, the methodology provides a constantly updated risk evaluation not only of all cyber assets within each business partner in the supply chain but also of the cyber interconnections among those business partners. Additionally, the whole process is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. The main goal of the MITIGATE methodology is to support the port authorities as well as the risk officers of all involved business partners.

Suggested Citation

  • Stefan Schauer & Nineta Polemi & Haralambos Mouratidis, 2019. "MITIGATE: a dynamic supply chain cyber risk assessment methodology," Journal of Transportation Security, Springer, vol. 12(1), pages 1-35, June.
    • Handle: RePEc:spr:jtrsec:v:12:y:2019:i:1:d:10.1007_s12198-018-0195-z
    DOI: 10.1007/s12198-018-0195-z
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s12198-018-0195-z
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s12198-018-0195-z?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Panayiotis Kotzanikolaou & Marianthi Theoharidou & Dimitris Gritzalis, 2013. "Assessing n-order dependencies between critical infrastructures," International Journal of Critical Infrastructures, Inderscience Enterprises Ltd, vol. 9(1/2), pages 93-110.
    2. David A. Wirth, 2013. "The International Organization for Standardization: private voluntary standards as swords and shields," Chapters, in: Geert Van Calster & Denise Prévost (ed.), Research Handbook on Environment, Health and the WTO, chapter 5, pages 139-163, Edward Elgar Publishing.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Cheung, Kam-Fung & Bell, Michael G.H. & Bhattacharjya, Jyotirmoyee, 2021. "Cybersecurity in logistics and supply chain management: An overview and future research directions," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 146(C).
    2. de la Peña Zarzuelo, Ignacio, 2021. "Cybersecurity in ports and maritime industry: Reasons for raising awareness on this issue," Transport Policy, Elsevier, vol. 100(C), pages 1-4.
    3. M. J. Hermoso-Orzáez & J. Garzón-Moreno, 2022. "Risk management methodology in the supply chain: a case study applied," Annals of Operations Research, Springer, vol. 313(2), pages 1051-1075, June.
    4. Nishat Alam Choudhary & Shalabh Singh & Tobias Schoenherr & M. Ramkumar, 2023. "Risk assessment in supply chains: a state-of-the-art review of methodologies and their applications," Annals of Operations Research, Springer, vol. 322(2), pages 565-607, March.
    5. Bolbot, Victor & Kulkarni, Ketki & Brunou, Päivi & Banda, Osiris Valdez & Musharraf, Mashrura, 2022. "Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis," International Journal of Critical Infrastructure Protection, Elsevier, vol. 39(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. König, Sandra & Rass, Stefan & Schauer, Stefan, 2019. "Cyber-attack impact estimation for a port," Chapters from the Proceedings of the Hamburg International Conference of Logistics (HICL), in: Jahn, Carlos & Kersten, Wolfgang & Ringle, Christian M. (ed.), Digital Transformation in Maritime and City Logistics: Smart Solutions for Logistics. Proceedings of the Hamburg International Conference of Logistics, volume 28, pages 164-183, Hamburg University of Technology (TUHH), Institute of Business Logistics and General Management.
    2. Corinna Köpke & Jennifer Mielniczek & Christoph Roller & Kerstin Lange & Frank Sill Torres & Alexander Stolz, 2023. "Resilience management processes in the offshore wind industry: schematization and application to an export-cable attack," Environment Systems and Decisions, Springer, vol. 43(2), pages 161-177, June.
    3. Luiijf, Eric & Klaver, Marieke, 2021. "Analysis and lessons identified on critical infrastructures and dependencies from an empirical data set," International Journal of Critical Infrastructure Protection, Elsevier, vol. 35(C).
    4. Calvo-Pardo, Hector & Mancini, Tullio & Olmo, Jose, 2021. "Granger causality detection in high-dimensional systems using feedforward neural networks," International Journal of Forecasting, Elsevier, vol. 37(2), pages 920-940.
    5. Stergiopoulos, George & Kotzanikolaou, Panayiotis & Theocharidou, Marianthi & Lykou, Georgia & Gritzalis, Dimitris, 2016. "Time-based critical infrastructure dependency analysis for large-scale and cross-sectoral failures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 12(C), pages 46-60.
    6. Martinez-Pastor, Beatriz & Nogal, Maria & O’Connor, Alan & Teixeira, Rui, 2022. "Identifying critical and vulnerable links: A new approach using the Fisher information matrix," International Journal of Critical Infrastructure Protection, Elsevier, vol. 39(C).
    7. Klein, Peter & Klein, Fabian, 2019. "Dynamics of interdependent critical infrastructures – A mathematical model with unexpected results," International Journal of Critical Infrastructure Protection, Elsevier, vol. 24(C), pages 69-77.
    8. Tsavdaroglou, Margarita & Al-Jibouri, Saad H.S. & Bles, Thomas & Halman, Johannes I.M., 2018. "Proposed methodology for risk analysis of interdependent critical infrastructures to extreme weather events," International Journal of Critical Infrastructure Protection, Elsevier, vol. 21(C), pages 57-71.
    9. Katina, Polinpapilinho F. & Ariel Pinto, C. & Bradley, Joseph M. & Hester, Patrick T., 2014. "Interdependency-induced risk with applications to healthcare," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(1), pages 12-26.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:jtrsec:v:12:y:2019:i:1:d:10.1007_s12198-018-0195-z. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.