Abstract
In the modern era, the ports’ Supply Chains (SCs) are the blood veins of global trade and subject to protection in political crisis and warfighting. Nowadays, these ports’ SCs (e.g., container management, vehicle transport, liquefied natural gas (LNG) storage and transport, cruising) are very complex, diverse and involve many cross border partners (e.g., governmental bodies, maritime companies, airports, railways, energy providers, banks, transport/logistic companies) operating within their SCs having physical and cyber multi-interdependencies, interacting with all sectors of economy. For example, most physical processes in ports (e.g., vehicles and cargo loading/unloading, LNG distribution and storage) are executed with autonomous or semiautonomous systems under the control of sophisticated logistic software systems (e.g., Industrial Cyber-Physical Systems, SCADA). These cyber-physical systems are connected around the world through cyberspace with other SC operators (e.g., ship industry, trading, transport, maritime, and logistics companies) to ensure a seamless and swift data exchange and with that swift and seamless trade from the producer down to the end consumer.
Associate Professor Nineta Polemi served as technical and project manager of the European projects CYSM, MEDUSA, and MITIGATE.
This is a preview of subscription content, log in via an institution to check access.
References
Austrian Standards Institute. (2004). ONR 49000: Risikomanagement für Organisationen und Systeme: Begriffe und Grundlagen, Wien.
Bundesamt für Sicherheit in der Informationstechnik. (2013). IT-Grundschutz Kataloge. Online: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html
CCRA Working Group. (2006). Common criteria for information technology security evaluation, CCRA. [Online] Available: www.commoncriteriaportal.org
Common Criteria Working Group. (2007). Common methodology for information technology security evaluation – Evaluation methodology, CCMB-2007-09-004. http://www.commoncriteriaportal.org
European Commission. (2004). Regulation (EC) No 725/2004 of the European Parliament and of the Council of 31 March 2004 on enhancing ship and port facility security. Off J Eur Union, L 129/6, pp. 6–91.
European Network and Information Security Agency. (2010). Inventory of risk management/risk assessment methods. [Online] Available: http://rm-inv.enisa.europa.eu/rm_ra_methods.html
International Maritime Organisation. (2004). International Ship and Port Facility Security Code, London.
International Standardization Organization. (2005). ISO 20000: Information technology service management, Geneva.
International Standardization Organization. (2007). Ships and marine technology – Maritime port facility security assessments and security plan development, Geneva.
International Standardization Organization. (2009a). ISO 31000: Risk management – Principles and guidelines, Geneva.
International Standardization Organization. (2009b). ISO 31010: Risk management – Risk assessment techniques, Geneva.
International Standardization Organization. (2011). ISO 27005: Information security risk management, Geneva.
International Standardization Organization. (2013). ISO 27001: Information security management system requirements, Geneva.
Kalogeraki, E. M., Polemi, N., Papastergiou, S., & Panayiotopoulos, T. (2017). Modeling SCADA attacks. World conference on smart trends in systems, security and sustainability (WS4 2017), Springer Computer Science proceedings, 15–16 Feb 2017, London.
Karantjias, A., Polemi, D., & Papastergiou, S. (2014). Advanced security management system for critical infrastructures. Special session on “secure and sustainable maritime digital environment” within the fifth international conference on information, intelligence, systems and applications (IISA 2014), 07 July 2014, Chania Crete.
Papastergiou, S., & Polemi, D. (2014). Harmonizing commercial port security practices & procedures in Mediterranean Basin. Special session on “secure and sustainable maritime digital environment” within the fifth international conference on information, intelligence, systems and applications (IISA 2014), 07 July 2014, Chania Crete.
Papastergiou, S., & Polemi, D. (2016). Securing maritime logistics and supply chain: The Medusa and MITIGATE approaches. 1st NMIOTC conference on cyber security in the maritime environment, NATO Maritime Interdiction Operational Training Centre, 4–5 Oct 2016, Chania Crete.
Papastergiou, S., & Polemi, D. (2017). MITIGATE: A dynamic supply chain cyber risk assessment methodology. World conference on smart trends in systems, security and sustainability (WS4 2017), Springer Computer Science proceedings, 15–16 Feb 2017, London.
Papastergiou, S., Polemi, N., & Karantjias, A. (2015a). CYSM: An innovative physical/cyber security management system for ports. Third international conference, HAS 2015, held as part of HCI International 2015, Los Angeles, CA, 2–7 Aug 2015. Proceedings, pp. 219–230.
Papastergiou, S., Polemi, D., & Papagiannopoulos, I. (2015b). Business and threat analysis of ports’ supply chain services. Special session on “innovative risk management methodologies and tools for critical information infrastructures (CII)” within the 6th international conference on digital human modeling and applications in health, safety, ergonomics and risk management (HCI International 2015), 2–7 Aug 2015, Los Angeles, CA.
Peltier, T. R. (2001). Information security risk analysis. Boca Raton: Auerbach Publications.
Polemi, N., & Kotzanikolaou, P. (2015). Medusa: A supply chain risk assessment methodology. In Cyber security and privacy: Vol. 530. Communications in computer and information science. Cham: Springer
Polemi, D., & Papastergiou, S. (2015) Current efforts in ports and supply chains risk assessment. IEEE proceedings of the 10th international conference for internet technologies and secure transactions, London.
Polemi, N., Kotzanikolaou, P., & Papastergiou, S. (2017). Design and validation of the MEDUSA supply chain risk assessment methodology and system. International Journal of Critical Infrastructures. Inderscience Publishers (Status: Under review).
S. E. Schechter. (2004). Computer security strength and risk: A quantitative approach, Harvard University, Cambridge, MA.
The Stationery Office (TSO). (2007). Continual service improvement, ITIL V3.
Acknowledgments
This work has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 653212, project MITIGATE . The authors also thank all partners of these projects. Finally, special thanks to University of Piraeus, Research Center for its continuous support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Section Editor information
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this entry
Cite this entry
Polemi, N., Papastergiou, S. (2017). Assessing the Risk of Ports and Their Supply Chains: The CYSM, MEDUSA, and MITIGATE Approaches. In: Carayannis, E., Campbell, D., Efthymiopoulos, M. (eds) Handbook of Cyber-Development, Cyber-Democracy, and Cyber-Defense. Springer, Cham. https://doi.org/10.1007/978-3-319-06091-0_53-1
Download citation
DOI: https://doi.org/10.1007/978-3-319-06091-0_53-1
Received:
Accepted:
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06091-0
Online ISBN: 978-3-319-06091-0
eBook Packages: Springer Reference Economics and FinanceReference Module Humanities and Social SciencesReference Module Business, Economics and Social Sciences