A conceptual cyber-risk assessment of port infrastructure

Cyber-security is a growing issue globally; however, increasing concerns are being directed at ports, as they are a hub for multiple transport operations. Ransomware has shown its potential effects in recent events, infecting logistic infrastructure at Maersk and United States of America oil pipelines. As a part of a European Union Project called Cyber-MAR, researchers have been given data from several ports on their facilities’ cyber-environment. The main goal is to raise awareness of cyber-risks in ports and potential mitigations with the novel application of a dynamic risk assessment tool (Maritime Cyber Risk Assessment or MaCRA) to ports. MaCRA methodology uses a dynamic risk model to analyse maritime risks specifically, as cyber-attacks on ships and at the ports can have hard implications in both the cyber and real world. This paper uses generalised port data to create a preliminary, conceptual cyber risk assessment of ports, to raise awareness by building general risk profiles without revealing real port vulnerabilities. From this risk assessment, the authors expect to find several high-level cyber-risks that ports may need to address, as well as some scenarios that could increase or decrease those risks. This research’s limitation is the availability of data, which is somewhat mitigated by Cyber-MAR port partners. The main goal is to raise awareness of cyber-risks in ports and potential mitigation measures with the novel application of a dynamic risk assessment tool (MaCRA) to ports. This also provides a basis for further research in Cyber-MAR, as the authors will be using simulation and more real-world data to enhance the findings in this conceptual paper.