A Conceptual Cyber-Risk Assessment of Port Infastructure

Abstract

Cyber-security is a growing issue across the world, however increasing concerns are being directed at ports, as they are a hub for multiple transport operations. Ransomware has shown its potential effects in recent events, infecting logistic infrastructure at Maersk and United States of America oil pipelines. As a part of a European Union Project called Cyber-MAR, researchers have been given data from several ports on the cyber-environment of their facilities. The main goal is to raise awareness of cyber-risks in ports and potential mitigations with the novel application of a dynamic risk assessment tool (Maritine Cyber Risk Assessment or MaCRA) to ports. MaCRA methodology uses a dynamic risk model to analyse maritime risks specifically, as cyber-attacks on ships and at the ports can have hard implications in both the cyber and real world. This paper uses generalised port data to create a preliminary, conceptual cyber risk assessment of ports, to raise awareness by building general risk profiles without revealing real port vulnerabilities. From this risk assessment, the authors expect to find several high-level cyber-risks that ports may need to address, as well as some scenarios that could increase or decrease those risks. The limitation of this research is the availability of data, which is somewhat mitigated by Cyber-MAR port partners. The main goal is to raise awareness of cyber-risks in ports and potential mitigation measures with the novel application of a dynamic risk assessment tool (MaCRA) to ports. This also provides a basis for further research in Cyber-MAR, as the authors will be using simulation and more real-world data to enhance the findings in this conceptual paper.