No abstract
The integration of IT, OT, and human factor elements in maritime assets is critical for their efficient and safe operation and performance. This integration defines cyber physical systems and involves a number of IT and OT components, systems, and functions that involve multiple and diverse communication paths that are technologically and operationally evolving along with credible cyber security threats. These cyber security threats and risks as well as a number of known security breach scenarios are described in this paper to highlight the evolution of cyber physical systems in the maritime domain and their emerging cyber vulnerabilities. Current industry and governmental standards and directives related to cyber security in the maritime domain attempt to enforce the regulatory compliance and reinforce asset cyber security integrity for optimum and safe performance with limited focus, however, in the existing OT infrastructure and systems. The use of outside-of-the-maritime industry security risk assessment tools and processes, such the API STD 780 Security Risk Assessment (SRA) and the Bow Tie Analysis methodologies, can assist the asset owner to assess its IT and OT infrastructure for cyber and physical security vulnerabilities and allocate proper mitigation measures assuming their similarities to ICS infrastructure. The application of cyber security controls deriving from the adaptation of the NIST CSF and the MITRE ATT&CK Threat Model can further increase the cyber security integrity of maritime assets, assuming they are periodically evaluated for their effectiveness and applicability. Finally, the improvement in communication among stakeholders, the increase in operational and technical cyber and physical security resiliency, and the increase in operational cyber security awareness would be further increased for maritime assets by the convergence of the distinct physical and cyber security functions as well as onshore- and offshore-based cyber infrastructure of maritime companies and asset owners.
In an ever-evolving technological industry, the oil and gas sector is already moving forward through the adaptation of Industry 4.0 and the adaptation of advanced cyber technologies through Oil and Gas 4.0. As IT/OT (information technology/operational technology) systems are evolving technologically, so are the cyber security threats faced by the offshore oil and gas assets. This paper aims to raise the awareness of cyber security threats and the organizational and technical measures that need to be adopted by the oil and gas industry for remote and complex assets in the upstream sector. A comprehensive literature review covering the areas of new IT/OT systems integration and cyber security risk analysis and management is presented. The results of a survey on the subject of cyber security for offshore oil and gas assets are also presented, and they provide valuable insight into the current industry culture and the perception of cyber security concepts. The importance of organizational culture, personnel training and involvement, as well as corporate engagement and support in the subject of cyber security is highlighted.
The integration of Cloud Computing with information systems architectures continues to grow at a rapid pace due to the availability of high quality, low cost computing services and organizational efforts to improve efficiency and productivity. Enterprises are increasingly comfortable turning to the Cloud for IT solutions, where teams of dedicated, specialized experts deliver important capabilities and outcomes, instead of investing in the development of internal architectures. While data and systems security concerns remain, for many firms the economic arguments are so compelling in favor of Cloud deployments that adoption tends to proceed regardless of security and assurance worries. As a result, enterprise IT functions find themselves managing an array of risk issues in an environment of diminished transparency and with limited opportunities to directly treat observed risks. The mechanisms for managing technology risks associated with Cloud models differ from traditional approaches taken to control risk in internal architectures. This paper examines emerging threats in Cloud Computing within a financial services organization.This includes consideration of insider threats, data leakage, insecure software, and new Cloud attack patterns. The nature and characteristics of the threats are explained and the paper explores the risk treatment options chosen by the sample organization. The authors' observations are synthesized in a general model that describes Cloud Risks and Controls for financial services institutions.
This study examines how strategic positioning in industry may predict a firm's performance. Through simulation, we reveal that certain business positioning strategies correlate with eventual centrality and profit while other strategies correlate with isolation and poor performance. The paper also presents a novel classification method for centrality trajectories in industry, one that may be employed more generally as a predictor of industry change over time.
No abstract
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.