Modelling of Port Information Infrastructure Systems Security
University of Piraeus, Greece
A Supply Chain Service (SCS) is a complex network of interconnected business partners, including all the information, processes and assets required for the movement of goods and the performance of services. During the last decades, SCS has become a rapidly growing research area, studying the interactions and interrelations between heterogeneous systems, especially within the Industry Sector. Maritime Logistics and Supply Chain Services (MLoSCs) are typical industry SCS examples that include customs, shippers, maritime transport and port stakeholders. However, the smooth operation of an SCS could suffer from interruptions and delays due to a variety of reasons ranging from acknowledged business and financial factors (e.g. frequent changes in business partners leadership and demand uncertainty) to the exploitation of physical threats (e.g. bombing of a storage room) or cyber threats (e.g. gaining unauthenticated access to an alarm system and changing the alarm settings). Cyber threat exploitation results from the lack of implemented security controls, making the assets vulnerable to these threats. In the modern competitive digital maritime markets, where the provision of a SCS depends more than ever upon a multitude of interrelated cyber assets (e.g. networks, equipment, software and digital data), internal and external emerging cyber risks have become the main cause of a SCS disruption. By visualizing the processes of a SCS, one can identify the assets involved and their relationships and could help the various SCS business partners to better analyze the threats and their cascading effects within the SCS, thus preventing security incidents and making the right decisions to protect the SCS assets and properly provision the expected services. This lecture introduces a process-centric approach for modelling security concepts in MLoSCs in order to improve Supply Chain sustainability. We focus on the MLoSC Vehicle Transport Service (VTS). We present as a demonstration scenario, a business-process oriented model, which is developed via the ADOxx platform using the BPMN 2.0 specification. In this framework, three dominant maritime infrastructures have been modeled, namely the Port Community System (PCS), the Automatic Identification System (AIS) and the SCADA system. In order to show how security issues can be visualized in a MLoSC environment we apply simulation techniques on the developed process models. The three model infrastructures are component materials of the MITIGATE EU project, which has a goal the development of a platform that provides risk assessment techniques in critical maritime cyber assets aiming to manage risks that could compromise the organization’s information security.
Lecture at NEMO2017
Date/Time: Thursday, July 20, 2017 at 14:30