A Conceptual Model of Port Cybersecurity and Threats: Knowledge and Understanding

Yıl 2022, Sayı: 21, 23 - 32, 18.05.2022

Hakan Akyıldız

Öz

The use of risk analysis methods as decision support tools is getting more and more acceptance to analyze, recover or mitigate potential risks in engineering applications. Through the analysis to obtain more reliable and realistic solutions, level of understanding, quality of knowledge, uncertainty level of cybersecurity and threats, sensitivity levels of model parameters, are integrated to model parameters to analyze port cybersecurity and threats. In the port activities to increase their competitiveness, the digitalization of port operators with the integrated cyber technology becomes the major vulnerability for cybersecurity and threats. In order to investigate the cybersecurity measures, a risk perspective for the integrated risk management and decision making process conceptualized in terms of human, infrastructure, and procedure factors. Additionally, it is investigated the relationships between port cybersecurity hygiene and cyber threats in terms of hacktivism, cyber criminality, cyber espionage, cyber terrorism, and cyber war. The results indicated that ports tended to encounter hacktivism when their human, infrastructure, and procedure factors were vulnerable. The weakness of the human factor could also lead to cyber terrorism, while the deficiency of the infrastructure factor could lead to cyber criminality. Moreover, ports were likely to be harmed by cyber espionage if their procedure factor was poorly implemented.

Anahtar Kelimeler

Port cybersecurity and Threats, Cyber technology, Port digitalization, integrated risk assessment, uncertainty analysis

Kaynakça

• [1] Aharoni, E. (2018). Cybercriminals are industrious when hacking industries.. Retrieved from https://blog.cymulate.com/cybercriminals-are-industrious-whenhacking-industries
• [2] Ahokas, J., Kiiski, T., Malmsten, J., & Ojala, L. (2017). Cybersecurity in ports: A conceptual approach. Hamburg International Conference of Logistics, 23.
• [3] Barnes, P., & Oloruntoba, R. (2005). Assurance of security in maritime supply chains: Conceptual issues of vulnerability and crisis management. Journal of International Management, 11(4), 519–540.
• [4] Baumberger, C., 2011. Understanding and its Relation to Knowledge. 34th International Wittgenstein Symposium, 16–18, Kirchberg am Wechsel.
• [5] Baumberger, C, 2014. Art and understanding. In defence of aesthetic cognitivism. In: Wagner, C., Greenlee, M., Hammwöhner, R., Körber, B., Wolff, C., editors. Bilder sehen. Perspektiven der Bildwissenschaft. Regensburg: SchnellþSteiner.
• [6] Boiko, A., Shendryk, V., & Boiko, O. (2019). Information systems for supply chain management: Uncertainties, risks and cyber security. Procedia Computer Science, 149, 65–70.
• [7] Boyes, H., Isbell, R., & Luck, A. (2016). Code of practice cyber security for ports. London: Institution of Engineering and Technology.
• [8] Chao, S.-L., & Lin, P.-S. (2009). Critical factors affecting the adoption of container security service: The shippers’ perspective. International Journal of Production Economics, 122(1), 67–77.
• [9] Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1–27.
• [10] Choong-Hee, H., Soon-Tai, P., & Sang-Joon, L. (2019). The Enhanced Security Control model for critical infrastructures with the blocking prioritization process to cyber threats in power system. International Journal of Critical Infrastructure Protection, 26, 103–112.
• [11] Christou, G. (2016). Cybersecurity in the European Union. London: Palgrave Macmillan.
• [12] Elgin, C., 2006. Understanding and the facts. Philosophical Studies, 132(1), 33–42.
• [13] Fosen, J. (2019). Cyber security awareness in the maritime industry.. Retrieved from http://www.gard.no/Content/25634225/Cyber%20Security resentation%20(ID%201418279).pdf
• [14] Green, J. A. (2015). Cyber warfare: A multidisciplinary analysis. Abington: Routledge.
• [15] Homeland Security. (2018). Examining physical security and cybersecurity at our nation’s ports. Washington: U.S. Government Publishing Office.
• [16] International Chamber of Shipping (2018). The Guidelines on Cyber Security Onboard Ships.. Retrieved from https://www.ics-shipping.org/docs/default-source/ resources/safety-security-and-operations/guidelines-on-cyber-securityonboard-ships.pdf?sfvrsn=20
• [17] International Maritime Organization (IMO). (2014). Maritime (ISPS Code) Regulations 2014. Retrieved from http://extwprlegs1.fao.org/docs/pdf/fij152587.pdf
• [18] International Maritime Organization (IMO). (2014). Guidelines on maritime cyber risk management. Retrieved from http://www.imo.org/en/OurWork/ Security/Guide to Maritime Security/Documents/MSC-FAL.1-Circ.3%20%20Guidelines%20On%20Maritime%20Cyber%20Risk%20Management%20 (Secretariat).pdf
• [19] IMO (2019a). Air pollution, energy efficiency and greenhouse gas emissions.. Retrieved from http://www.imo.org/en/OurWork/Environment/PollutionPrevention/AirPollution/Pages/Default.aspx
• [20] IMO (2019b). AIS transponders. Retrieved from http://www.imo.org/en/OurWork/Safety/Navigation/Pages/AIS.aspx
• [21] IMO (2019c). SOLAS XI-2 and the ISPS code.. Retrieved from The International Ship and Port Facility (ISPS) Code: http://www.imo.org/en/OurWork/Security/Guide to Maritime Security/ Pages/SOLAS-XI-2%20ISPS%20Code.aspx
• [22] Kapalidis, C. (2018, November 27). Port Cyber Security: Maersk, Cosco, Barcelona, San Diego. Who is next? Retrieved from http://www.boussiasconferences.gr/files/ boussias conferences content/presentations/portdevelopment/2018/chronis kapalidis portdevelopment 18.pdf
• [23] Lee, H. L., & Whang, S. (2005). Higher supply chain security with lower cost: Lessons from total quality management. International Journal of Production Economics, 96(3), 289–300.
• [24] Lewis, J. A. (2002, November 1). Assessing the risks of cyber terrorism, cyber war and other cyber threats.. Retrieved from https://www.csis.org/analysis/assessingrisks-cyber-terrorism-cyber-war-and-other-cyber-threats
• [25] Limnéll, J., Majewski, K., Salminen, M., & Samani, R. (2015). Cyber security for decision makers. Aalborg: Docendo.
• [26] McLay, L. A., & Dreiding, R. (2012). Multilevel, threshold-based policies for cargo container security screening systems. European Journal of Operational Research, 220(2), 522–529.
• [27] McNicholas, M. A. (2016). Vulnerabilities in the cargo supply chain. Maritime Security, 137–168.
• [28] Michel, S., Mendes, M., Ruiter, J. C., Koomen, G. C., & Schwaninger, A. (2014). Increasing X-ray image interpretation competency of cargo security screeners. International Journal of Industrial Ergonomics, (44), 551–560.
• [29] Moerel, L., & Dezeure, F. (2017). Cyber security in port: Business as usual?
• [30] Retrieved from http://www.vndelta.eu/files/3215/1125/0649/Cyber Security in Ports Whitepaper VND vonference november 2017.pdf
• [31] Montewka, J., Ehlers, S., Goerlandt, F., Hinz, T., Tabri, K., Kujala, P., 2014. A framework for risk assessment for maritime transportation systems – A case study for open sea collisions involving RoPax vessels. Reliability Engineering and System Safety, 124, 142–57.
• [32] National Crime Agency. (2017). Cyber crime.. Retrieved from https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime
• [33] Pallis, P. L. (2017). Port risk management in container terminals. Transportation Research Procedia, 25, 4411–4421.
• [34] Pintong, W. (2010). GMS trade facilitation enhancement thailands contributions.. Retrieved from https://www.nesdb.go.th/ewt dl link.php?nid=3358
• [35] Platt, V. (2011). Still the fire-proof house? An analysis of Canada’s cyber security strategy. International Journal: Canada’s Journal of Global Policy Analysis, 67(1), 155–167.
• [36] Polatidis, N., Pavlidis, M., & Mouratidis, H. (2018). Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards & Interfaces, 56, 74–82.
• [37] Ralston, P., Graham, J. H., & Hieb, J. L. (2007). Cyber security risk assessment for SCADA and DCS networks. ISA Transactions, 46(4), 583–594.
• [38] Shepherd, J. (2004). What is the digital era? Social and Economic Transformation in the Digital Era, 18.
• [39] Tonn, G., Kesan, J. P., Zhang, L., & Czajkowski, J. (2019). Cyber risk and insurance for transportation infrastructure. Transport Policy, 79, 103–114.
• [40] Tsai, M.-C. (2006). Constructing a logistics tracking system for preventing smuggling risk of transit containers. Transportation Research Part A: Policy and Practice, 40(6), 526–536.
• [41] Vorakulpipat, C. (2013). Good practices and challenges in Cyber Security Thailand.. Retrieved from www.connect2sea.eu/news-and-events/news/details/EU-SEA- Workshop-International-Cooperation-on-Cyber-Security-Towards-the-NewAvenues-organised-in-Hanoi-Vietnam.html%3Ffile%3Dfiles/connect2sea/files/ Workshops/Good%2520Practices%2520and%2520Challenges%2520in
• [42] Windelberg, M. (2016). Objectives for managing cyber supply chain risk. International Journal of Critical Infrastructure Protection, 12, 4–11.
• [43] Yeo, G.-T., Pak, J.-Y., & Yang, Z. (2013). Analysis of dynamic effects on seaports adopting port security policy. Transportation Research Part A: Policy and Practice, 49, 285–301.