Abstract
In this paper, we present challenges and risks concerning cyber security in a supply chain environment. In particular, we focus on the MITIGATE (Multidimensional, IntegraTed, rIsk assessment framework and dynamic, collaborative risk manaGement tools for critical information infrAstrucTurEs) Supply Chain Risk Assessment methodology, which complies with ISO 28001 and can be applied to assess the security risks of all the organizations involved in a supply chain. To validate the MITIGATE approach, we provide use cases based on real-life maritime scenarios and real-world data collection. To this end, a number of best practices in the form of guidelines for a successful application of the MITIGATE risk management system in supply chain environments are presented. The main advantages of the MITIGATE Risk Assessment approach over existing maritime initiatives and efforts are also highlighted.
Acknowledgements
This work has been funded by the EU under the HORIZON2020 program’s Mitigate and Sauron projects, Grant Agreements No. 653212 and No. 740477.
Copyright information
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Papastergiou, S., Kalogeraki, EM., Polemi, N., Douligeris, C. (2021). Challenges and Issues in Risk Assessment in Modern Maritime Systems. In: Tsihrintzis, G., Virvou, M. (eds) Advances in Core Computer Science-Based Technologies. Learning and Analytics in Intelligent Systems, vol 14. Springer, Cham. https://doi.org/10.1007/978-3-030-41196-1_7
DOI: https://doi.org/10.1007/978-3-030-41196-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41195-4
Online ISBN: 978-3-030-41196-1
eBook Packages: Engineering, Engineering (R0)