S-Port: Collaborative security management of Port Information systems

Polemi, Despina; Ntouskas, Theodoros; Georgakakis, Emmanouil; Douligeris, Christos; Theoharidou, Marianthi; Gritzalis, Dimitris

doi:10.1109/iisa.2013.6623698

Cited by 10 publications

(6 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The already completed project S-PORT 1 took a first step towards a collaborative system for risk assessment and security management for maritime environments. However, the S-PORT methodology [26] focused on the internal security processes of a port, ignoring dimensions relating to the supply chain and the business partners therein. The main idea of the S-PORT project has been extended in the project CYSM 2 , which implemented risk management methodology that relies on collaborative modeling and group decision making techniques using the collective knowledge of all users [25].…”

Section: Research Projectsmentioning

confidence: 99%

“…After all, a general awareness for the need of cyber security and cyber risk management has established in the course of these events. Nevertheless, state-of-the-art security frameworks for maritime environments (like [13] or [14]) pay limited attention to cyber-security and do not adequately address security and risk management processes for international maritime supply chains [26].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MITIGATE: a dynamic supply chain cyber risk assessment methodology

2018

View full text Add to dashboard Cite

Modern port infrastructures have become highly dependent on the operation of complex, dynamic ICT-based maritime supply chains. This makes them open and vulnerable to the rapidly changing ICT threat landscape and many ports are not yet fully prepared for that. Furthermore, these supply chains represent highly interrelated cyber ecosystem, in which a plethora of distributed ICT systems of various business partners interact with each other. Due to these interrelations, isolated threats and vulnerabilities within a system of a single business partner may propagate and have cascading effects on multiple other systems, thus resulting in a large-scale impact on the whole supply chain. In this context, this article proposes a novel evidence-driven risk assessment methodology, i.e., the MITIGATE methodology, to analyze the risk level of the whole maritime supply chain. This methodology builds upon publicly available information, well-defined mathematical approaches and best practices to automatically identify and assess vulnerabilities and potential threats of the involved cyber assets. As a major benefit, the methodology provides a constantly updated risk evaluation not only of all cyber assets within each business partner in the supply chain but also of the cyber interconnections among those business partners. Additionally, the whole process is based on qualitative risk scales, which makes the assessment as well as the results more intuitive. The main goal of the MITIGATE methodology is to support the port authorities as well as the risk officers of all involved business partners.

show abstract

Section: Research Projectsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

MITIGATE: a dynamic supply chain cyber risk assessment methodology

2018

View full text Add to dashboard Cite

show abstract

“…For this reason, the last few years have seen an increase in the number of tools, predictive modeling and machine learning techniques applied to risk analysis 47,48 and cyber risk management [49][50][51] with the aim of predicting risk and contrasting cyber crimes. 52 An idea to improve the quality of prediction is to use a collaborative approach [53][54][55][56][57] with a Trusted Server where users store their security assessment information in order for it to be used to calculate the prediction.…”

Section: Problem Descriptionmentioning

confidence: 99%

Dare‐to‐Share: Collaborative privacy‐preserving recommendations with (almost) no crypto

Russo

Bracciale

Bianchi

2021

Security and Privacy

View full text Add to dashboard Cite

Collaborative recommending systems aim to predict a potential user‐item rating on the basis of remaining ones. Since, in several contexts, sharing of other users' ratings may be prevented by confidentiality concerns, several works have effectively addressed the design of privacy preserving recommenders. Still, most of the proposed solutions rely on advanced cryptographic methodologies, whose may conflict with the simplicity and viability requirements of real world deployments. In contrast, we propose an approach which does not require any complex cryptography. We show that whenever we can tolerate recommendations based on average values, we can transform the recommender into a privacy‐preserving one, by using two noncolluding replicas of the same system, and by distributing randomly “blinded” data to these replicas. To protecting each user's rating, a key asset of our approach is the ability to conceal which specific items are rated by which users. Our proposal is secure under the honest‐but‐curious attacker's assumption, and we show how it can be extended to guarantee robustness also against malicious adversaries. Finally, as a proof‐of‐concept, we present an implementation of the proposed approach for our motivating use case—collaborative assessment of computer/network vulnerabilities without revealing which of them affect one own infrastructure.

show abstract

“…Existing security standards, best practices, maritime regulation, and risk assessment methodologies and tools fail to adequately address the specific needs of port authorities [11], [12]. Researchers in the S-Port project developed a prototype software platform consisting of a collaborative environment to host security management services and guide commercial ports to monitor and self-manage their port ICT security [13]. Safety standards and regulations were identified (specifically in ISO 27001 and ISPS Code), and then actions were taken to address some specific security management needs of port ICT systems.…”

Section: Related Workmentioning

confidence: 99%

An In-Depth Security Assessment of Maritime Container Terminal Software Systems

et al. 2020

View full text Add to dashboard Cite

Attacks on software systems occur worldwide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems open to cyber-attack. Assessments of the security of maritime shipping systems have focused on identifying risks but have not taken the critical (and expensive) next step of actually identifying vulnerabilities present in these systems. While such risk assessments are important, they have not provided the detailed identification of security issues in the systems that control these ports and their terminals. In response, we formed a key collaboration between an experienced academic cybersecurity team and a well-known commercial software provider that manages maritime shipping. We performed an analysis of the information flow involved in the maritime shipping process, and then executed an in-depth vulnerability assessment of the software that manages freight systems. In this paper, we show the flow of information involved in the freight shipping process and explain how we performed the in-depth assessment, summarizing our findings. Like every large software system, maritime shipping systems have vulnerabilities. INDEX TERMS ICT (Information and Communications Technologies), maritime container terminals, software assurance, software security, software systems, vulnerability assessment VOLUME thevolume, theyear

show abstract

S-Port: Collaborative security management of Port Information systems

Cited by 10 publications

References 21 publications

MITIGATE: a dynamic supply chain cyber risk assessment methodology

MITIGATE: a dynamic supply chain cyber risk assessment methodology

Dare‐to‐Share: Collaborative privacy‐preserving recommendations with (almost) no crypto

An In-Depth Security Assessment of Maritime Container Terminal Software Systems

Contact Info

Product

Resources

About