Assessment of Cyber Security risks: A Smart Terminal Process


  • Jouni Pöyhönen University of Jyväskylä



In Finland, the connections to global maritime transportation logistics systems are an essential part of the national critical infrastructure. As a part of maritime logistics systems, the port's operations are important elements for global maritime traffic and the transportation supply chain. Digitalization of seaport services makes it possible to increase the efficiency of terminal systems in the logistic processes. At the same time, port logistic processes can notably reduce its CO2 emissions by optimizing port operations. The improvement of port processes relies very much on the development of Information and Communication Technology (ICT) and Industrial Control Systems (ICS) or Operation Technologies (OT) systems. In port environment there are parts that are controlled (ICS/OT) from the cyber environment but directly interact with the physical surroundings. These are called Cyber-Physical Systems (CPS). In this environment, the cyber security aspects of the port logistic need to be addressed. In Finland, the Port SMARTER research program has been on the way since 2021. The aim of the program is to create port services within new technology solutions, and that way improve cargo and people flows while improving the experience for all stakeholders. However, this development increase also complicated system dimensions in the use of ports and makes port operations complex systems of systems environment characterized by a conglomeration of interconnected networks and dependencies. This paper describes a practical approach to risk assessment work regarding the SMARTER research case. It provides a comprehensive cyber security investigation approach to port operations at the system level. In risk assessment work, the paper emphasizes the importation of description of probabilities to defend the system element against estimated probabilities of cyber-attacks at all parts of port processes. The findings of the study are related to the comprehensive cyber security architecture of the SMARTER research goals. The following research interests are related to the issue: "How a comprehensive cyber security investigation can be conducted in smart ports operations?” This paper emphasizes cyber security risks assessment work should be covered from services for operation, information flows in and between systems, as well as electricity supplies to achieve holistic risks assessment in the smart terminal process.