
Challenges and Issues in Risk Assessment in Modern Maritime Systems

Advances in Core Computer Science-Based Technologies

Part of the book series: Learning and Analytics in Intelligent Systems (LAIS, volume 14)

Abstract

In this paper, we present challenges and risks concerning cyber security in a supply chain environment. In particular, we focus on the MITIGATE (Multidimensional, IntegraTed, rIsk assessment framework and dynamic, collaborative risk manaGement tools for critical information infrAstrucTurEs) Supply Chain Risk Assessment methodology, which complies with ISO 28001 and can be applied to assess the security risks of all the organizations involved in a supply chain. To validate the MITIGATE approach, we provide use cases based on real-life maritime scenarios and real-world data collection. To this end, a number of best practices are presented in the form of guidelines for a successful application of the MITIGATE risk management system in supply chain environments. The main advantages of the MITIGATE risk assessment approach over existing maritime initiatives and efforts are also highlighted.



Acknowledgements

This work has been funded by the EU under the HORIZON2020 program’s Mitigate and Sauron projects, Grant Agreements No. 653212 and No. 740477.


Corresponding author

Correspondence to Christos Douligeris.


Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Papastergiou, S., Kalogeraki, EM., Polemi, N., Douligeris, C. (2021). Challenges and Issues in Risk Assessment in Modern Maritime Systems. In: Tsihrintzis, G., Virvou, M. (eds) Advances in Core Computer Science-Based Technologies. Learning and Analytics in Intelligent Systems, vol 14. Springer, Cham. https://doi.org/10.1007/978-3-030-41196-1_7


  • DOI: https://doi.org/10.1007/978-3-030-41196-1_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41195-4

  • Online ISBN: 978-3-030-41196-1

  • eBook Packages: Engineering, Engineering (R0)
