More Web Proxy on the site http://driver.im/

research-article

Modelling Human Tasks to Enhance Threat Identification in Critical Maritime Systems

Authors:

Célia Martinie,

Christos Grigoriadis,

Eleni-Maria Kalogeraki,

Panayiotis KotzanikolaouAuthors Info & Claims

PCI '21: Proceedings of the 25th Pan-Hellenic Conference on Informatics

Pages 375 - 380

https://doi.org/10.1145/3503823.3503892

Published: 22 February 2022 Publication History

Abstract

Maritime supply chains involve various infrastructures and human actors, belonging to different organizations with diverse business and operational goals. Existing cybersecurity risk assessment methods are mainly focused on the identification of malicious actors and the relevant cyber threats. Nevertheless, threats can also arise from operators’ tasks and errors, while interacting with information systems. In this paper, we analyze how human task modeling techniques support the identification of cyber threats on supply chain operators’ tasks. In particular, we focus on external attackers threatening supply chain operators’ tasks, on internal supply chain operators making errors during planned tasks, as well as on insiders deviating from planned tasks. We present the application of the proposed technique on the MITIGATE risk assessment methodology. In addition, we describe an illustrative example of a maritime transport supply chain service process involving four types of users deriving from three types of organizations, who implement tasks ranging from the cargo manifest declaration to the maritime requested services preparation.

References

[1]

Jaap Boender, Marieta Georgieva Ivanova, Florian Kammüller, and Giuseppe Primiero. 2014. Modeling Human Behaviour with Higher Order Logic: Insider Threats. In 2014 Workshop on Socio-Technical Aspects in Security and Trust. 31–39.

[2]

Nicolas Broders, Célia Martinie, Philippe Palanque, Marco Winckler, and Kimmo Halunen. 2020. A Generic Multimodels-Based Approach for the Analysis of Usability and Security of Authentication Mechanisms. 12481 (2020), 61–83.

[3]

Chia-Hsun Chang, Jingjing Xu, and Dong-Ping Song. 2014. An analysis of safety and security risks in container shipping operations: A case study of Taiwan. Safety Science 63(2014), 168–178.

[4]

European Maritime Safety Agency EMSA. 2020. Analysis of marine casualties and incidents involving container vessels. V1.0. Safety analysis of EMCIP data. (September 2020).

[5]

Mark Evans, Ying He, Leandros Maglaras, and Helge Janicke. 2019. HEART-IS: A novel technique for evaluating human error-related information security incidents. Computers & Security 80(2019), 74–89.

[6]

Racim Fahssi, Célia Martinie, and Philippe Palanque. 2015. Enhanced Task Modelling for Systematic Identification and Explicit Representation of Human Errors, Vol. 9299. Springer, Cham.

[7]

European Union Agency for Cybersecurity ENISA. 2016. Threat taxonomy. (2016). https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/threat-taxonomy/view

[8]

12. International Maritime Organization IMO. 2017. Guidelines on Maritime Cyber risk management. MSC-FAL.1/Circ.3. (July 2017).

[9]

Célia Martinie, David Navarre, Philippe Palanque, and Camille Fayollas. 2015. A Generic Tool-Supported Framework for Coupling Task Models and Interactive Applications. (2015), 244–253. https://doi.org/10.1145/2774225.2774845

Digital Library

[10]

Célia Martinie, Philippe Palanque, Elodie Bouzekri, Andy Cockburn, Alexandre Canny, and Eric Barboni. 2019. Analysing and Demonstrating Tool-Supported Customizable Task Notations. Proc. ACM Hum.-Comput. Interact. 3, EICS, Article 12 (June 2019), 26 pages.

Digital Library

[11]

NIST. 2021. National Vulnerability Database. https://nvd.nist.gov/

[12]

University of Piraeus. 2021. MITIGATE. http://cs4e-mtra.cs.unipi.gr/

[13]

James Reason. 1990. Human Error. Cambridge University Press.

[14]

Stefan Schauer, Nineta Polemi, and Haralambos Mouratidis. 2019. MITIGATE: a dynamic supply chain cyber risk assessment methodology. Journal of Transportation Security 12 (2019), 1–35.

[15]

Chalermpong Senarak. 2021. Port cybersecurity and threat: A structural model for prevention and policy development. The Asian Journal of Shipping and Logistics 37, 1 (2021), 20–36.

[16]

Ioannis Stellios, Panayiotis Kotzanikolaou, Mihalis Psarakis, Cristina Alcaraz, and Javier Lopez. 2018. A Survey of IoT-Enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services. IEEE Communications Surveys Tutorials 20, 4 (2018), 3453–3495.

Digital Library

[17]

Yi-Chih Yang. 2011. Risk management of Taiwan’s maritime supply chain security. Safety Science 49, 3 (2011), 382–393.

Cited By

Dimakopoulou ARantos K(2024)Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0Journal of Marine Science and Engineering10.3390/jmse1206091912:6(919)Online publication date: 30-May-2024
https://doi.org/10.3390/jmse12060919
Koutras DMalamas VKotzanikolaou PDasaklis T(2023)A Risk Assessment Methodology for Supply Chain Tracking Services2023 International Conference On Cyber Management And Engineering (CyMaEn)10.1109/CyMaEn57228.2023.10051006(555-559)Online publication date: 26-Jan-2023
https://doi.org/10.1109/CyMaEn57228.2023.10051006
Martinie CNaqvi B(2023)On using the Task Models for Validation and Evolution of Usable Security Design PatternsHuman Aspects of Information Security and Assurance10.1007/978-3-031-38530-8_32(405-417)Online publication date: 26-Jul-2023
https://doi.org/10.1007/978-3-031-38530-8_32

Index Terms

Modelling Human Tasks to Enhance Threat Identification in Critical Maritime Systems

Index terms have been assigned to the content through auto-classification.

Recommendations

Threat modeling – A systematic literature review
Abstract
Cyber security is attracting worldwide attention. With attacks being more and more common and often successful, no one is spared today. Threat modeling is proposed as a solution for secure application development and system security ...
Threat Modeling: Diving into the Deep End

Ford Motor Company is introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between the IT security group and its internal business customers in analyzing threats ...
An Enhanced Threat Identification Approach for Collusion Threats
METRISEC '11: Proceedings of the 2011 Third International Workshop on Security Measurements and Metrics

Colluding threat agents are a serious and difficult problem to deal with in any organization. Collusion is possible at any level and with any entity inside or outside the organization. Traditional methods cannot effectively deal with legitimate users ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

PCI '21: Proceedings of the 25th Pan-Hellenic Conference on Informatics

November 2021

499 pages

ISBN:9781450395557

DOI:10.1145/3503823

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 February 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

PCI 2021

PCI 2021: 25th Pan-Hellenic Conference on Informatics

November 26 - 28, 2021

Volos, Greece

Acceptance Rates

Overall Acceptance Rate 190 of 390 submissions, 49%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
87
Total Downloads

Downloads (Last 12 months)26
Downloads (Last 6 weeks)3

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Dimakopoulou ARantos K(2024)Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0Journal of Marine Science and Engineering10.3390/jmse1206091912:6(919)Online publication date: 30-May-2024
https://doi.org/10.3390/jmse12060919
Koutras DMalamas VKotzanikolaou PDasaklis T(2023)A Risk Assessment Methodology for Supply Chain Tracking Services2023 International Conference On Cyber Management And Engineering (CyMaEn)10.1109/CyMaEn57228.2023.10051006(555-559)Online publication date: 26-Jan-2023
https://doi.org/10.1109/CyMaEn57228.2023.10051006
Martinie CNaqvi B(2023)On using the Task Models for Validation and Evolution of Usable Security Design PatternsHuman Aspects of Information Security and Assurance10.1007/978-3-031-38530-8_32(405-417)Online publication date: 26-Jul-2023
https://doi.org/10.1007/978-3-031-38530-8_32

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Table of Conten