Anchoring Security in Maritime: Defining and Protecting Critical Assets for Business Continuity

Abstract

This study highlights maritime operations increasingly relying on digital technologies, creating new cybersecurity vulnerabilities that threaten global trade. The study addresses this gap by developing a systematic approach to identify business-critical digital assets, focusing on cargo management systems that directly impact revenue generation. The methodology employs Attack Tree analysis, examining maritime digital assets through factors of production lens. Systems enabling cargo booking, loading, and revenue generation to determine criticality are analysed. Initial findings indicate that cargo management systems represent vital digital assets, directly impacting operational continuity. This study evaluates a framework for maritime operators to assess and protect their critical digital infrastructure, ensuring business continuity while bridging the gap between onshore and offshore cybersecurity requirements. Offshore maritime operators fall under International Maritime Organization (IMO) legislation. Onshore operations follow traditional frameworks, leaving no unified cybersecurity framework for maritime operators. The mixed methods approach combines qualitative interviews with maritime small and medium-sized enterprises (SMEs) and quantitative analysis of cybersecurity frameworks and risk management methods. Given SMEs’ limited resources and expertise, the study focuses on implementing a suitable risk management concept to help SMEs ensure business continuity and protect essential operations. Findings revealed that maritime operations increasingly depend on digital technologies, a trend already evident in both onshore and offshore operations. When focusing on business continuity and examining typical frameworks used by maritime operators, gaps between onshore and offshore operations were identified. Research is centred on addressing this gap, specifically through the ISO 22301 framework. The findings highlight a notable distinction between onshore and offshore operations. This study shows that small maritime companies must protect their crucial digital systems, especially cargo management. Using a simple security framework (ISO 22301) helps these companies stay safe both onshore and offshore. This method aids SMEs in focusing on protecting what matters most. Future research should find cheaper, easier ways to help these companies improve their cybersecurity smoothly.