About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

12 J. Transp. Sec. 1 (2019)

handle is hein.journals/jtransps12 and id is 1 raw text is: Journal of Transportation Security (2019) 12:1-35 https://doi.org/10.1007/s12198-018-0195-z CmrssMark MITIGATE: a dynamic supply chain cyber risk assessment methodology Stefan Schauer' Nineta Polemi2 - Haralambos Mouratidis3 Received: 7 August 2017 /Accepted: 25 July 2018 /Published online: 1 September 2018 O Springer Science+Business Media, LLC, part of Springer Nature 2018, corrected publication 2018 Abstract Modern port infrastructures have become highly dependent on the operation of com- plex, dynamic ICT-based maritime supply chains. This makes them open and vulner- able to the rapidly changing ICT threat landscape and many ports are not yet fully prepared for that. Furthermore, these supply chains represent a highly interrelated cyber ecosystem, in which a plethora of distributed ICT systems of various business partners interact with each other. Due to these interrelations, isolated threats and vulnerabilities within a system of a single business partner may propagate and have cascading effects on multiple other systems, thus resulting in a large-scale impact on the whole supply chain. In this context, this article proposes a novel evidence-driven risk assessment methodology, i.e., the MITIGATE methodology, to analyze the risk level of the whole maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. As a major benefit, the methodology provides a constantly updated risk evaluation not only of all cyber assets within each business partner in the supply chain but also of the cyber interconnections among those business partners. Additionally, the whole process is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. The main goal of the MITIGATE methodology is to support the port authorities as well as the risk officers of all involved business partners. W Stefan Schauer stefan.schauer@ait.ac.at Nineta Polemi dpolemi@gmail.com Haralambos Mouratidis H.Mouratidis @brighton.ac.uk Austrian Institute of Technology, Klagenfurt, Austria 2 European Commission, Brussels, Belgium 3 School of Computing, Engineering and Mathematics, University of Brighton, Brighton, UK 4_ Springer

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most