Next Article in Journal
The Impact of Special Marine Environments Such as the Kuroshio on Hydroacoustic Detection Equipment
Next Article in Special Issue
Contribution of Onshore Power Supply (OPS) and Batteries in Reducing Emissions from Ro-Ro Ships in Ports
Previous Article in Journal
Numerical Investigation of Oblique Currents’ Effects on the Hydrodynamic Characteristics of Ships in Restricted Waters
Previous Article in Special Issue
Joint Ship Scheduling and Speed Optimization for Naval Escort Operations to Ensure Maritime Security
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JMSE
Volume 12
Issue 9
10.3390/jmse12091593
jmse-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Assessing Critical Entities: Risk Management for IoT Devices in Ports

by
Ioannis Argyriou
and
Theocharis Tsoutsos
*
School of Chemical and Environmental Engineering, Renewable and Sustainable Energy Systems Laboratory, Technical University of Crete, 73100 Chania, Greece
*
Author to whom correspondence should be addressed.
J. Mar. Sci. Eng. 2024, 12(9), 1593; https://doi.org/10.3390/jmse12091593
Submission received: 8 August 2024 / Revised: 3 September 2024 / Accepted: 6 September 2024 / Published: 9 September 2024
(This article belongs to the Special Issue Smart Seaport and Maritime Transport Management)
Browse Figures
Versions Notes

Abstract

:
Integrating Internet of Things (IoT) devices into port operations has brought substantial improvements in efficiency, automation, and connectivity. However, this technological advancement has also introduced new operational risks, particularly in terms of cybersecurity vulnerabilities and potential disruptions. The primary objective of this scientific article is to comprehensively analyze and identify the primary security threats and vulnerabilities that IoT devices face when deployed in port environments. This includes examining potential risks, such as unauthorized access, cyberattacks, malware, etc., that could disrupt critical port operations and compromise sensitive information. This research aims to assess the critical entities associated with IoT devices in port environments and develop a comprehensive risk-management framework tailored to these settings. It also aims to explore and propose strategic measures and best practices to mitigate these risks. For this research, a risk-management framework grounded in the principles of ORM, which includes risk avoidance, reduction, sharing, and retention strategies, was developed. The primary outcome of this research is the development of a comprehensive risk-management framework specifically tailored for IoT devices in port environments, utilizing Operational Risk-Management (ORM) methodology. This framework will systematically identify and categorize critical vulnerabilities and potential threats for IoT devices. By addressing these objectives, the article seeks to provide actionable insights and guidelines that can be adopted by port authorities and stakeholders to safeguard their IoT infrastructure and maintain operational stability in the face of emerging threats.

1. Introduction

According to Directive (EU) 2022/2557, Critical entities (CEs) include power grids, the transport network, and information and communication systems. CEs security is one of the most rapidly developing areas where the EU has made significant strides in recent years [1]. It is a challenging process requiring the involvement and cooperation of many different public and private sector actors. CEs provide essential services for maintaining vital societal functions, economic activities, public health and safety, and the environment [2].
In a modern critical entity, the quality of the electronic services and information and communication systems provided to stakeholders is based on the security of the information resources that support them [3]. Shielding digital systems makes a decisive contribution to achieving the objectives of public organizations, ensuring their prestige and enabling compliance with legal obligations and international standards [4]. The complexity of digital systems, the highly dynamic operating environment of the institutions, and the risk of threats require the adoption of a holistic approach through the implementation of a security plan for the development and implementation of protection measures, ensuring that the desired level of security is established and maintained [5].
The Internet of Things (IoT) has brought unprecedented advancements and efficiencies to various industries, including the maritime sector [6]. More specifically, the integration of IoT devices has revolutionized port operations, allowing for enhanced monitoring, streamlined logistics, and advanced data analytics [7]. IoT technology can be beneficial for port operators who must contend with escalating competition, stringent regulations, and pressure to cut operational costs [8]. IoT makes real-time monitoring and data analysis possible, giving port operators insights to improve their decision-making, reduce waste, and boost productivity. IoT can also help ports take a more proactive stance toward security and safety [9]. IoT sensors can also find possible safety issues, including broken equipment, spills, or unauthorized entry into prohibited areas [10]. Moreover, improving sustainability is another important benefit of IoT in port operations. IoT sensors can track emissions from port activities like ships and trucks, which can substantially negatively influence the environment. This information can then be utilized to create pollution-reduction plans, such as encouraging the use of electric vehicles or utilizing renewable energy sources to run ports. However, this technological leap also introduces vulnerabilities requiring a focused risk assessment and mitigation approach. Conducting a thorough risk assessment becomes imperative to understand these critical IoT devices’ potential threats and vulnerabilities. Factors such as data breaches, cyberattacks, natural disasters, sabotage, and system failures must be meticulously evaluated. Identifying and comprehending these risks is pivotal in devising effective risk-management strategies encompassing preventative measures, incident response plans, and continuous monitoring.
One of the main reasons why IoT devices are more vulnerable at ports compared to other activity areas is the current complex ecosystem of ports. First, too many stakeholders can be involved in a port’s operations, including shipping companies, freight forwarders, customs agents, and port authorities [11,12]. Each infrastructure has its systems and devices connected to the port’s network. This complexity creates challenges in managing the entire system’s security, making it easier for attackers to find and exploit vulnerabilities. This makes them a high-value target for cybercriminals seeking to disrupt supply chains or cause economic damage, as an attack on a port’s IoT devices could significantly affect global trade and commerce. Moreover, the wide range of IoT devices used at ports, including sensors, cameras, and tracking systems, creates a larger attack surface for cybercriminals. The more connected the devices, the greater the risk of a security breach [13,14].
Therefore, the novelty of this research lies in its targeted examination of the vulnerabilities of IoT devices within the complex ecosystem of ports, which differentiates it from existing studies on IoT security. Unlike other areas of activity, ports involve many stakeholders, including shipping companies, freight forwarders, customs agents, and port authorities, each with its interconnected systems and devices. This intricate network creates significant challenges for managing overall system security, making ports particularly susceptible to cyberattacks. Furthermore, the diversity and volume of IoT devices—such as sensors, cameras, and tracking systems—expand the attack surface, increasing the risk of security breaches.
Risk assessment for IoT devices in ports using Operational Risk Management (ORM) methodologies presents a promising yet underexplored area for research. Despite the increasing adoption of IoT devices in port infrastructures, there remains a significant research gap in establishing comprehensive frameworks specifically tailored for assessing risks associated with these interconnected devices. One additional research gap lies in the development of standardized ORM methodologies that address the unique challenges posed by IoT devices within port environments.
The research questions that arise through the above research gaps and will be discussed are the following:
What are the primary security threats and vulnerabilities associated with IoT devices deployed in port environments, and what strategies can be implemented to ensure resilience and continuity of port operations in the face of these vulnerabilities?
Therefore, the objectives of this research are the following:
(a)
To Identify and Classify Critical Entities
The first objective is to identify and classify the critical IoT entities within port environment essential for maintaining operational continuity and security.
(b)
To Analyze Security Threats and Vulnerabilities
The second objective is to comprehensively analyze the primary security threats and vulnerabilities associated with IoT devices in ports.
(c)
To Develop a Specialized Risk-Management Framework
The third objective is to develop a risk-management framework specifically tailored to the unique needs of IoT systems in port environments. This framework provides guidelines and best practices for mitigating identified risks, enhancing the security of IoT devices, and ensuring the resilience and continuity of port operations.
(d)
To Propose Practical Strategies and Recommendations
The final objective is to propose practical, actionable strategies for port authorities, IoT developers, and other stakeholders to implement effective risk management.
This research can be highly innovative due to its exploration of an evolving technological landscape, its addressing of complexities within interconnected networks, and its potential for substantial real-world impact on the port industry’s security and operational efficiency. Integrating IoT devices within port infrastructures represents a relatively new and rapidly evolving technological landscape. Research offers the opportunity to delve deeply into this emerging field, exploring uncharted territories and offering innovative methodologies to assess and manage risks associated with these interconnected devices.
The rest of the article is organized as follows: Section 2 of this paper is devoted to a survey of the relevant literature concerning the developments of IoT devices and examines the most crucial threats to them. Section 3 analyses the steps that follow for the applied methodology. Section 4 discusses the research results in detail, while Section 5 presents the study’s implications and its value to the port environment.

2. Literature Review

Ports are essential to international trade, a hub through which commodities and cargo can be moved from one country to another [14,15]. The timely, efficient, and secure delivery of commodities depends on the smooth running of operations at the port. These involve many activities, including ship handling, cargo handling, customs and immigration clearance, and security measures [16]. Factors including port size and location, infrastructure and equipment availability, the competence of management and staff, and the degree to which ports have been digitalized all contribute to successful port operations [17] IoT has many applications in port operations, from cargo tracking and security to traffic management and predictive maintenance. Some examples of IoT tools used at ports are Radio-Frequency Identification, Global Positioning System, sensors, security cameras, and predictive maintenance tools [18]. Any disruption of IoT devices at ports can have significant economic and social consequences [19]. Many tools, such as risk assessments, identify potential threats and vulnerabilities and develop strategies to mitigate risks to avoid any disruption to port operations. The literature review on the risk assessment of IoT at ports involves a multidisciplinary approach that considers the technical, operational, environmental, and human factors involved in port operations.
Technical factors such as the design and security of IoT devices, communication protocols, and data management systems are essential considerations in the risk assessment of IoT at ports. A new risk-assessment approach for cyber-physical attacks against IoT-based wireless sensor networks was proposed by [20]. It identifies and proposes novel cyber-physical characteristics, such as threat source, vulnerability, and physical impacts. The results show that 76.6% of the simulated scenarios are high-risk and that cyber-physical risk can be reduced by 71.8% with control barriers operating in both physical and cyberspace. Essential features of cooperation and the impact of information technologies on the entire supply chain and its characteristics are explored by [21].
Operational factors such as the port’s layout, cargo handling procedures, and the number of stakeholders involved in port operations are also crucial. Several studies have investigated operational factors in IoT risk assessment at ports and proposed state-of-the-art approaches to address them. For example, a study by [22] identifies the importance of network segmentation in mitigating operational risks in IoT at ports. They propose the implementation of network segmentation to isolate IoT devices and systems from critical functional networks, minimizing the impact of any potential security incidents. Additionally, human factors, such as unintentional human error and sabotage, are also essential considerations of the risk assessment of IoT at ports. Several studies have also highlighted the importance of addressing the human factor in the risk assessment of IoT at ports.
Improvement of maritime safety by enhancing administrative management based on human factors is aimed by [23]. The fuzzy analytic hierarchy process was used to analyze risks and threats. Administrative reform is given the highest priority, including exploring the current crew training system, examining the marine surveyor, and inspecting the investigation system used by maritime safety investigators.
Seven human risk factors are analyzed by [24] using the modified risk calculation method. Human carelessness and omissions, as well as workers limited individual experiences, fall into the significant category, while operators’ mistakes and faults in operations, communication misunderstandings, and execution of job safety rules and regulations are categorized as moderate.
Moreover, several methodologies are used for risk assessment at ports, depending on the type of risks being assessed, the complexity of the port operations, and the available resources.
The potential for digitalization in Spanish ports is explored by [25] using the Strengths, Weaknesses, Opportunities, and Threats (SWOT) methodology. It discusses the mportance of digitalization in the maritime industry, including increased efficiency, improved safety, and reduced costs. The analysis finds that while there are challenges to overcome, such as the need for investment in digital infrastructure and regulatory reforms, the potential benefits of digitalization in Spanish ports are significant.
Hazard Identification and Risk Assessment is used by [26] to identify potential hazards and evaluate their likelihood and impact on a container terminal. The analysis finds that the most significant safety risks in the container terminal are related to human error, such as improper handling of containers and inadequate training. This study proposes an integrated cyber risk-assessment method for a container port, analyzing four exemplary cyberattack scenarios. The method considers the cyber-physical assets of the port and applies an integrated cybersecurity management approach. The results show the risks for specified cyber threats, and mitigation strategies are briefly presented by [27].
The selection of a specific methodology depends on the risks being assessed, the complexity of the port operations, and the available resources. For conducting this research, ORM was applied, a systematic process for identifying, evaluating, and mitigating risks associated with an organization’s operations. In the context of port operations, ORM is a critical process for identifying and managing risks related to loading, unloading, and transporting goods and other activities such as maintenance and repair.
The effectiveness of ORM practices in the banking industry is analyzed by [28]. The authors identify several key factors contributing to successful ORM, including risk culture, governance, and assessment methodologies. They also emphasize the importance of communication and collaboration across different functions within an institution.
Potential risks associated with the production, transportation, and storage of hydrogen fuel, as well as the operation of fuel cell electric vehicles (FCEVs), are examined by [29]. The article uses a risk analysis methodology to assess the risks associated with introducing FCEVs in a Mediterranean town, considering population density, traffic patterns, and infrastructure. The analysis finds that the risks associated with FCEVs are generally low, and the benefits of FCEVs, such as reduced emissions and improved energy security, outweigh the risks. The article concludes by emphasizing the importance of ongoing monitoring and risk management to ensure FCEVs’ safe introduction and operation.
While each methodology has unique strengths and weaknesses, ORM differs from other risk-management methodologies in several ways. Firstly, ORM takes a broader perspective by encompassing a wide range of risks that arise from an organization’s day-to-day operations. It goes beyond financial or project-specific risks and considers factors like internal processes, systems, human resources, and external events. This comprehensive approach allows organizations to identify and address risks that other methodologies may not capture, leading to a more robust risk-management framework. Secondly, ORM emphasizes a proactive and holistic approach incorporating qualitative and quantitative analysis. It assesses the likelihood and impact of risks and delves into their root causes and potential interconnections. This proactive and holistic perspective enhances an organization’s ability to anticipate and address risks, improving overall operational resilience.
Despite the growing interest in the risk analysis of IoT on ports, several research gaps need to be addressed to improve our understanding of the risks associated with deploying and operating IoT systems in ports. While there is growing recognition of the importance of addressing the human factors involved in the deployment and operation of IoT systems in ports, there still needs to be a greater understanding of the specific factors contributing to security incidents and how they can be addressed. Moreover, cybersecurity is a critical concern in the deployment and operation of IoT systems in ports, and it is essential to consider the potential cyber threats and vulnerabilities associated with these systems. Therefore, further research must be conducted on the specific cybersecurity risks associated with IoT systems in ports and how these risks can be effectively managed. In addition, the COVID-19 pandemic has significantly impacted port operations, highlighting the need for effective risk-management strategies to address pandemics and other global crises. However, there has been limited research on the specific risks and vulnerabilities associated with IoT systems in ports in the context of pandemics. Finally, natural disasters will likely significantly impact port operations, which may affect risk analysis practices. There is a need for more research on how climate change may impact risk analysis practices and how these practices can be adapted to account for changing climate conditions. Addressing these research gaps will require a broad and holistic approach, considering the perspectives of different stakeholders and the various contextual factors that may affect the deployment and operation of IoT systems in ports. The analysis revealed the hazards related to IoT devices at port operations, as represented in Table 1.

3. Methodology

3.1. Mathematical Tool and Model

The following flowchart (Figure 1) represents the sequence of steps for our methodology.
ORM is a critical process for any organization looking to ensure the success of its operations. It is a systematic approach to identifying, assessing, and managing risks from people, systems, processes, and external events affecting an organization’s objectives. ORM is key, as it helps organizations avoid losses and reputational damage and ensures they can continue operating effectively in the face of uncertainty.
The research utilizes the Operational Risk Management (ORM) methodology to assess and mitigate the cybersecurity risks associated with IoT devices in port environments. ORM is a systematic process designed to identify, assess, control, and monitor risks that could potentially impact an organization’s operations. It is widely used in various industries to manage risks proactively by balancing risk-taking and risk avoidance to achieve optimal outcomes. In this study, the ORM approach is adapted to the specific context of cybersecurity for IoT devices in ports, providing a structured and iterative process to manage these risks effectively. The following steps outline the ORM methodology applied in this research:
  • Risk Identification: In addressing risk identification, we expanded our analysis to provide a comprehensive overview of the specific threats and vulnerabilities that IoT devices in port environments face. This involved a detailed examination of various factors contributing to the heightened risk profile of port IoT systems. Our approach included categorizing the types of threats these devices are vulnerable to, such as unauthorized access, malware infections, natural disasters, etc.
  • Risk Assessment and Analysis: Once the risks were identified, the next step involved assessing their potential impact and likelihood. Assessments involved expert judgment to estimate the probability and severity of occurrence.
  • Risk Mitigation and Decision: Based on the risk assessment, the research formulated strategies to control and mitigate identified risks.
The effectiveness of risk-mitigation strategies should be regularly evaluated to ensure that they remain effective and relevant.
Finally, ORM is an ongoing process that requires continuous improvement. This involves regularly reviewing the risk-management strategies to ensure that they remain effective and relevant, as well as incorporating new risks and changing business processes into the risk-management framework. By adopting a continuous improvement approach to ORM, organizations can stay ahead of potential risks and ensure the long-term success of their operations.
The Risk Assessment Matrix (Figure 2) is used to assign Risk Assessment Codes to each hazard that may be experienced while completing an objective. This matrix is based on the concept that Risk = Probability × Severity. It consists of two areas:
  • Probability categories.
  • Severity/consequences categories.
The probability of each possible outcome is displayed along the top axis of the matrix and has been divided into five distinct categories: almost certain, likely, possible, unlikely, and rare. The severity of an incident is measured by its impact on achieving objectives. The left side of the matrix displays four categories used to rate the severity: catastrophic, critical, moderate, and negligible.
The cells of the matrix are typically color-coded or labeled to represent the level of risk associated with each cell. For example, the cells in the upper right corner of the matrix, where risks have a high likelihood and impact, might be labeled “critical” or colored red to indicate the need for immediate attention and action. The Risk Assessment Matrix is a valuable tool for risk management because it helps prioritize risks and allocate resources accordingly. Risks that fall into the higher-risk categories should be addressed first, while lower-risk items can be addressed later or monitored closely.
In addition to identifying and prioritizing risks, the Risk Assessment Matrix can help organizations make informed decisions about risk-mitigation strategies. For example, risks that fall into the “critical” category may require more proactive measures, such as developing a contingency plan or investing in additional resources to minimize their impact. It is important to note that the Risk Assessment Matrix should be regularly reviewed and updated as new risks arise or existing risks change. This ensures that organizations continuously monitor potential threats and take appropriate actions to mitigate them.

3.2. Description of Survey Phases

The research was conducted to develop risk-management strategies for ports. Initially, the research aimed to identify events to be examined through a literature review. Twenty-five events were selected after a comprehensive literature review and given to fourteen (14) experts (four researchers, four users sellers of IoT devices, three policymakers, and three engineers) for evaluation and ranking, and then were divided into six broad categories. The experts who participated in the survey were selected because of their experience in port facility operations, including developing and implementing technologies to improve safety and functionality. The research was conducted using a questionnaire and interviews. The questionnaire requested the experts to evaluate the degree of probability and severity of each event against the Likert Scale [probability (1: Rare to 5: Almost Certain) and the severity (1: Negligible to 4: Catastrophic) correspondingly], whereas the follow-up interviews aimed at allowing the respondents to justify and elaborate on their answers. In addition, the respondents were interviewed to explain their responses regarding the potential risks associated with IoT devices. The data-collection process lasted roughly 2 months (early March to late April 2023).

4. Results

4.1. By Incident

(i).
Terrorism
The findings indicate a possible probability (2.9) and high severity (3.6) of cyberattacks due to terrorist attacks. According to the respondents’ explanations, the results can be explained by the fact that ports play a critical role in the global market chain, and any disruption to the port’s infrastructure may result in significant economic losses and delays in the supply chain. According to Table S1, the results (ORM) depict an extremely high risk (10.1) of cyberattacks due to terrorism, affecting the proper functioning of IoT devices.
The answers provided by the respondents depict that the probability of a chemical attack at a port cannot be completely ruled out. The combination of strict regulations, security measures, and safety protocols in place significantly reduces the probability (1.6) of such an event occurring. The low portability result can be explained because the use of chemical agents in terrorist attacks is complex and requires specialized knowledge and equipment. On the other hand, the severity of a terrorist attack on IoT devices in ports using chemical factors is ranked between moderate and critical (2.5). Based on the insights provided by the respondents, this result can be explained because such an attack could have devastating consequences on port operations, public health, and the environment. ORM’s result (4.2) on this event shows a moderate risk.
According to the respondents, the probability of an attack by an armed man on IoT devices at ports is unlikely (1.8). The comments received from the respondents provide a further understanding of why the probability is unlikely, revealing that security checks and other screening measures are in place to ensure that it is difficult for an armed person to access port infrastructures. These measures act as deterrents to would-be attackers, making it difficult for them to gain entry into port facilities undetected. Conversely, the severity (3.3) of an attack by an armed man on IoT cannot be underestimated. A successful attack can result in numerous fatalities and injuries, causing significant social and economic distress. The result of the ORM (4) of armed attack on IoT devices at ports ranks as moderate risk. Mitigating terrorist attacks on IoT devices at ports demands a multifaceted approach encompassing physical and network security enhancements, employee training, incident response planning, collaboration, and regulatory compliance. By implementing these measures, port authorities can minimize vulnerabilities, enhance situational awareness, and maintain the continuity of port operations. The probability of IoT devices at ports being affected by terrorist attacks involving explosives is possible (approximately 3), given the increased vulnerability of ports, the sophistication of attack methods, inadequate security measures, potential insider threats, and the implications for economic and national security. The severity (approximately 3) of a terrorist attack involving explosives on IoT devices at ports is critical due to the potential disruption of port operations, economic implications, safety and security risks, environmental consequences, and psychological and societal impacts. According to the ORM results, these events present high/extremely high risk.
(ii).
Pandemic
The responses from the participants highlight that the likelihood of another pandemic is low. While it is impossible to eliminate the risk of pandemics, the collective experience, scientific advancements, and strengthened global cooperation resulting from the COVID-19 pandemic have significantly lowered the likelihood of another pandemic of similar magnitude. By building on the lessons learned and continuing to invest in preparedness, surveillance, and research, the world is better prepared to detect and respond swiftly to emerging threats, minimizing their impact and preventing widespread outbreaks. On the other side, the results indicate that in case of a new pandemic, there is a likely probability of an increase in demand for IoT devices at ports (3.9), staff reduction (3.7), and disruption to the supply chain (3.5). For example, the COVID-19 pandemic has increased the use of IoT devices at ports for several reasons. Firstly, the pandemic has accelerated the maritime industry’s digital transformation, with more organizations adopting remote work and digital technologies to maintain operations. IoT devices are being used to enable remote work, reduce face-to-face interactions, and manage logistics and supply chain operations. Secondly, as countries worldwide implemented lockdowns and travel restrictions, the movement of goods and people was severely impacted. This disruption can lead to critical goods and raw materials shortages, delayed shipments, and increased costs for businesses and consumers, including those utilizing IoT technology at ports. Another challenge facing supply chains using IoT technology at ports during the pandemic has been manufacturing disruption. As factories and plants were forced to shut down or reduce operations, the production of goods was significantly impacted. This led to shortages of critical components and raw materials, further exacerbating the disruptions in supply chains utilizing IoT technology at ports. In addition to the above-mentioned factors, the pandemic has highlighted the importance of cutting down personnel. However, as IoT devices require human oversight and decision-making, the reduction in personnel could impact their reliability and performance. Suppose there are fewer personnel available to perform routine maintenance and repairs. In that case, the devices may be more prone to failure or breakdown, which could impact the efficiency and safety of port operations. Furthermore, the survey responses reveal that in case of a pandemic, the effects on the operation of IoT devices will be severe. Finally, using the ORM methodology for all three events examined, the overall result (Table S2) highlighted the extremely high risk for the proper operation of IoT devices during a pandemic. Mitigating the impact of a pandemic on IoT devices at ports requires specific measures to ensure their uninterrupted functionality and minimize the risk of contamination. Firstly, implementing remote management and monitoring systems for IoT devices can help reduce the reliance on physical interaction. Secondly, ports can execute a thorough sanitation and hygiene protocol to ensure the cleanliness of IoT devices. Regular cleaning and disinfection of devices and their surrounding areas can help reduce the risk of virus transmission. Lastly, developing a comprehensive business-continuity plan specific to IoT devices is crucial. This plan should outline procedures and strategies for maintaining IoT device operations during a pandemic. It should include provisions for remote maintenance, alternative supply chains for necessary components, and guidelines for handling device failures or disruptions.
(iii).
Human effect
Based on the feedback provided by the respondents, there is a possible probability (2.8) of malfunctioning IoT devices at ports due to human factors. However, despite technological advancements and the increasing use of IoT devices in ports, human error remains a significant factor that can lead to the malfunctioning or failure of IoT devices. For example, one reason for the possible probability of dysfunction of IoT devices at ports due to human factors is the lack of awareness and training among port personnel. Moreover, the potential for malevolent action on IoT devices at ports is a growing concern, given the increasing reliance on these devices for critical infrastructure and operations. A malicious insider could cause physical damage to equipment or disrupt critical systems, leading to shipping delays and financial losses. Each of the above events can create serious problems for the unobtrusive operation of IoT devices. The ORM methodology findings (Table S3) indicate a high risk of unintentional human error (7.8) and a high risk of sabotage. Mitigating human error and sabotage on IoT devices at ports requires a multi-faceted approach focusing on training and awareness, access control, incident reporting, and continuous monitoring. By implementing these measures, ports can minimize the risks associated with human factors and intentional sabotage, ensuring the security, reliability, and continuity of IoT devices and safeguarding critical ports.
(iv).
Cyberattacks
In today’s interconnected world, the increasing reliance on IoT devices at ports has brought numerous benefits regarding efficiency and automation. However, this interconnectedness also introduces the risk of cyberattacks targeting these devices. Cyberattacks can target critical systems, such as cargo tracking, vessel communication, or security surveillance, compromising the overall functionality and safety of the port. The probability of IoT devices at ports being affected by cyberattacks such as hacking, malware, phishing attacks, and network loss is possible as the growing number of IoT devices at ports provides a larger attack surface for cybercriminals. The respondents mentioned several reasons for the possible probability of occurrence. Firstly, each connected device can be a potential entry point for unauthorized access or exploitation. Secondly, the port environment is an attractive target for cybercriminals due to the potential impact of a successful attack. On the other hand, the severity of cyberattacks affecting IoT devices at ports is also considered catastrophic due to several critical factors. The interconnected nature of IoT devices, the value of the data they generate, and the complexity of securing their ecosystem all contribute to the potential severity of cyberattacks. A successful attack on one device can quickly spread to other connected devices, compromising the entire port infrastructure. Disrupting port operations can cause significant economic losses, impact global supply chains, and even pose risks to national security. The results (Table S4) by ORM indicates that the overall risk due to cyberattacks is exceptionally high. Implementing tight security protocols, employing network segmentation and isolation, updating and patching regularly, and training employees on cybersecurity best practices are some of the mitigating measures to protect critical infrastructure and IoT devices at ports from cyberattacks and ensure the continuity of port operations.
(v).
Maintenance
Maintaining IoT devices at ports is a critical task that requires regular monitoring, firmware updates, and a robust asset-management system. The comments provided by the respondents emphasize that the probability of maintenance issues related to network loss, circuit outages, and power interruptions for IoT devices at ports can be attributed to a combination of factors. The presence of robust infrastructure, professional installation and maintenance practices, comprehensive monitoring systems, preventive maintenance approaches, and technological advancements collectively minimize the probability of such issues. On the other hand, these devices work non-stop. Ports operate around the clock, and IoT devices may be required to work continuously without a break. The constant use of these devices can cause components to wear out, leading to reduced performance and potential failure. In addition, installing IoT devices in areas exposed to heavy machinery or equipment can lead to increased wear and tear. Vibrations and shocks from these sources can cause damage to the devices’ components and lead to premature failure. Based on the feedback provided by the respondents, the critical severity of maintenance issues can be attributed to the presence of redundancy systems, well-prepared contingency plans, proactive monitoring and maintenance practices, technological advancements, and efforts to reduce single points of failure. Ports recognize the significance of these issues and implement measures to minimize the severity and duration of maintenance requirements, ensuring reliable and uninterrupted operation of IoT devices to support efficient port management. Finally, the results (Table S5) from ORM indicate that, overall, there is a medium risk for this category. By investing in these areas, ports can proactively manage their IoT devices, ensuring reliable and uninterrupted operation and optimizing the efficiency of port operations. Mitigating maintenance challenges for IoT devices at ports requires effective strategies and measures to ensure optimal performance and longevity. Firstly, implementing a proactive maintenance approach is essential. This involves conducting regular inspections, preventive maintenance, and predictive analytics to identify potential issues before they escalate into major problems. Secondly, establishing a comprehensive asset-management system is crucial for effectively maintaining IoT devices at ports. This involves keeping an up-to-date inventory of all devices, tracking their locations, and recording their maintenance history.
(vi).
Natural disaster
With the increasing use of IoT devices at ports, there is a growing concern about their vulnerability to environmental factors such as temperature or extreme weather phenomena [58]. While high and low temperatures can potentially affect the performance and longevity of IoT devices, the results and comments provided by the respondents emphasize that the likelihood of such effects is considered medium. One of the primary reasons why the probability of temperature affecting IoT devices at ports is considered of medium importance is due to technological advances. Moreover, modern IoT devices are designed to withstand a wide range of temperatures, making them less susceptible to damage or malfunction due to high or low temperatures. While the probability of temperature changes affecting IoT devices at ports may be unlikely/possible, the severity of such effects can be moderate. High temperatures can cause IoT devices to overheat, leading to performance issues, hardware damage, and even system failure. In ports, high temperatures can be caused by extreme weather conditions or proximity to heat-emitting equipment, such as machinery or vehicles. Low temperatures, however, can cause devices to freeze or become unresponsive, potentially leading to system downtime and decreased productivity. Based on the ORM results, the risk is moderate.
Weather phenomena such as rainstorms, hail, and thunder or natural disasters, e.g., floods, can also pose significant risks to IoT devices. Firstly, the durability and quality of IoT devices play a crucial role in their ability to withstand extreme weather conditions [54]. Devices not designed to operate in harsh weather environments are more likely to fail, resulting in potential damage or loss of critical data. Secondly, the location of the IoT devices is essential. Although the probability of affecting IoT devices at ports due to rainstorms, hail, or thunder is considered unlikely/possible, the severity of the impact can be high/moderate. A damaged or malfunctioning IoT device can delay or disrupt port operations, leading to financial losses and reduced productivity. Moreover, a malfunctioning device can compromise the safety and security of the port, potentially resulting in accidents or security breaches. ORM outcomes highlight the high/moderate risk for these events.
Earthquakes are also natural disasters that can devastate infrastructure and technology. Several factors, including the geological history of the area and the proximity to active fault lines, determine the probability of an earthquake occurring at a particular location. Areas close to fault lines have a higher likelihood of experiencing earthquakes. On the other hand, the severity of the impact of an earthquake on IoT devices at ports depends on several factors, including the magnitude of the earthquake, the distance from the epicenter, and the strength of the infrastructure. In general, the higher the earthquake’s magnitude, the more severe the impact on IoT devices. The findings (Table S6) from ORM present low risk as a result of the earthquake. Mitigating the effects of natural disasters on IoT devices at ports requires a proactive and comprehensive approach. By protecting physical infrastructure, ensuring resilient network connectivity, implementing remote monitoring capabilities, establishing data backup and recovery mechanisms, and investing in training and preparedness, ports can enhance their resilience and minimize the disruptions caused by natural disasters. These measures protect critical IoT devices and contribute to the overall safety, efficiency, and continuity of port operations in the face of natural disasters.

4.2. Overall Results

The analysis of results on risk assessment for IoT devices reveals several key findings, as depicted in Figure 3. Firstly, it is evident that IoT devices possess vulnerabilities that expose them to various risks. According to Figure 3, the results indicate that factors such as CE 1, CE 2, CE 3, PE 1, PE 2, PE 3, HE 2, ME 3, TE 2, and TE 4. present an extremely high risk. Additionally, the analysis highlights the high risk for many factors, such as HE 1, ND 1, TE 5, and NP 7. Furthermore, it’s also clear from the results that factors like ND 2, ND 3, ND 4, ND 5, ND 6, TE 1, TE3, and ME 2 pose a moderate risk. Therefore, manufacturers, developers, and users must prioritize security measures and adopt robust risk-mitigation strategies to safeguard IoT devices according to the risk analysis.

4.3. Discussion of Results

The expected score range would be 0 to 25. Table 2 indicates that the most risky scenarios had the highest mean score.
The scenarios with the highest mean score are related to cybersecurity threats (phishing/Wi-Fi access). The risk of phishing and unauthorized access to Wi-Fi at ports is notably high due to the critical nature of port operations and the vast array of interconnected systems and devices. With numerous personnel, contractors, and visitors accessing Wi-Fi networks, there’s an increased likelihood of unwittingly falling victim to phishing attempts or inadvertently granting unauthorized access to critical systems. The sprawling and diverse network infrastructure at ports, often comprising legacy systems alongside modern technology, creates complexities in maintaining a robust security posture, leaving potential vulnerabilities that cyberattackers can exploit. A comprehensive security strategy should be adopted to minimize the risk of phishing and unauthorized access to Wi-Fi at ports. This involves the implementation of robust encryption protocols for Wi-Fi networks, frequent password changes, and using robust authentication methods. Network segmentation helps isolate critical systems from public access, while regular software updates and patch management address known vulnerabilities. Firewalls, intrusion detection systems, and employee cybersecurity training are pivotal in detecting and preventing phishing attempts and other cyber threats. Additionally, routine security audits, physical access controls, and compliance with relevant regulations form essential components of a multifaceted approach to fortify the port’s cybersecurity infrastructure.
The following most critical scenarios are related to the pandemic (increased demand for the use of IoT devices and staff reduction). The risk posed by a pandemic at ports is notably elevated due to the confluence of increased reliance on IoT devices and the challenges associated with staff reductions. Pandemics often necessitate changes in operational procedures at ports, leading to heightened demand for IoT devices to enable remote monitoring, automated processes, and enhanced efficiency. However, this increased reliance on IoT devices can widen the attack surface, potentially exposing ports to cyber threats, as these devices may have security vulnerabilities or lack adequate protection measures. Simultaneously, staff reductions and operational adjustments due to health concerns and safety protocols can strain resources, limiting the workforce available to manage and secure the expanded IoT infrastructure effectively. This reduction in personnel can result in inadequate oversight, slower response times to security incidents, and difficulties in maintaining stringent cybersecurity protocols, thus amplifying the risk of cyberattacks and disruptions to port operations during a pandemic. Regular staff training and awareness programs should focus on cybersecurity and pandemic-specific safety protocols, ensuring employees are equipped to handle operational challenges and cybersecurity risks effectively.
This research presents several strengths that significantly contribute to the understanding of cybersecurity risks for IoT devices in port environments. Firstly, the application of Operational Risk Management (ORM) methodology provides a structured and systematic approach to identifying and mitigating cybersecurity threats. Additionally, the study’s focus on tailoring the risk-management framework to the operational context of ports addresses a critical gap in the literature, providing practical and actionable solutions specific to this domain.
However, the research also has some notable limitations, which primarily stem from the scope of data collection and the evolving nature of cybersecurity threats. The research draws on data from selected ports, which may not fully capture the diversity of port operations worldwide. This limitation could impact the generalizability of the findings to different types of ports or geographical regions. Furthermore, the rapidly changing cybersecurity landscape means that the findings may become less relevant as new threats and technologies emerge. Continuous updates and revisions to the risk-management framework may be necessary to address these evolving challenges effectively.
Furthermore, integrating mean scores, standard deviations, and confidence levels into the ORM framework evaluation provides a rigorous approach to assessing the reliability of the results. These quantitative measures support the validity of the risk-management strategies proposed and underscore the effectiveness of the ORM methodology in addressing cybersecurity risks for IoT devices in port environments.

5. Conclusions

This research has highlighted the critical importance of effective risk-management strategies for IoT devices within port environments. The rapid proliferation of interconnected devices in ports has presented unprecedented opportunities and daunting challenges regarding security, safety, and operational efficiency. Through an extensive analysis of risk factors, vulnerabilities, and potential threats associated with IoT devices, this research has underscored the necessity for comprehensive risk-management frameworks explicitly tailored to the port industry. The findings of this study emphasize the need for a multidimensional approach to risk management, integrating technological solutions, policy frameworks, and collaborative efforts among stakeholders.
As the IoT continues to expand its footprint within port ecosystems, the recommendations and insights offered in this thesis serve as a foundation for developing proactive risk-management strategies. Implementing these strategies will fortify the security of IoT devices and ensure the resilience and reliability of port operations in the face of potential threats. Ultimately, this research contributes to the advancement of knowledge in the field of risk management for IoT devices in ports and provides a roadmap for safeguarding these critical infrastructures in an increasingly interconnected world.
The results of this study effectively address the research questions outlined in the introduction, providing clear and actionable insights into the cybersecurity risks associated with IoT devices in port environments. The primary research question—how to systematically identify and mitigate cybersecurity risks for IoT devices in ports—has been comprehensively answered through the development of a tailored Operational Risk Management (ORM) framework. This framework not only identifies critical IoT entities and their associated vulnerabilities but also proposes targeted mitigation strategies, directly addressing the need for a structured approach to risk management in this context.
The secondary questions explored the specific vulnerabilities of IoT devices in port. The detailed risk assessment reveals significant vulnerabilities such as phishing, access to Wi-Fi, and staff reduction due to the pandemic. These findings align closely with the introductory objectives, demonstrating that the research effectively answered the critical questions posed at the outset.
The analysis of this research revealed that the most significant risks affecting IoT devices at ports come from cybersecurity threats. IoT devices are vulnerable to cyberattacks due to their connectivity and the sensitive data they transmit. A cybersecurity breach could lead to data theft, system disruptions, and even physical harm to port personnel. Such an attack could also compromise port operations’ safety and security, leading to cargo loss or significant delays. Moreover, the assessment of the findings unveiled that physical disasters are also substantial risks that affect IoT devices at ports. These devices are exposed to various environmental conditions, such as extreme temperatures, humidity, and weather conditions, that could lead to physical damage. The consequences of a physical disaster impacting IoT devices at ports can include cargo handling delays, supply chain visibility disruptions, increased security risks, compromised safety protocols, and financial losses for port operators and businesses relying on port services. The assessment of findings also highlights the importance of implementing robust disaster recovery plans and cybersecurity measures to mitigate such risks and ensure the continuity of port operations.
Future research in cybersecurity for IoT devices in port environments holds significant promise for advancing both theoretical knowledge and practical applications. One of the most promising areas is the development of advanced threat detection and response systems. With the rapid evolution of cyber threats, integrating artificial intelligence into these systems offers the potential to greatly enhance anomaly detection and real-time response capabilities.
Another fertile area for future research is the intersection of cybersecurity and energy efficiency, particularly as ports work toward becoming Near Zero Energy Ports (NZEP). Exploring the cybersecurity challenges associated with advanced energy management systems, smart grids, and renewable energy sources presents an opportunity to develop tailored security protocols that protect these critical technologies while supporting sustainability goals.

Supplementary Materials

The following supporting information can be downloaded at: https://www.mdpi.com/article/10.3390/jmse12091593/s1, Table S1: Terrorism; Table S2: Pandemic; Table S3: Human effect; Table S4: Cybersecurity; Table S5: Maintenance; Table S6: Natural disasters.

Author Contributions

Conceptualization, I.A.; data curation, I.A.; formal analysis, I.A.; investigation, I.A.; methodology, I.A.; writing—original draft, I.A.; writing—review and editing, I.A. and T.T.; supervision, T.T.; validation, T.T. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Informed consent was obtained from all subjects involved in the study.

Data Availability Statement

All data referred to in the manuscript.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

Critical entities (CEs), Fuel cell electric vehicles (FCEVs), Internet of Things (IoT), Operational Risk Management (ORM), Photovoltaic (PV).

References

  1. Alcaraz, C.; Zeadally, S. Critical Infrastructure Protection: Requirements and Challenges for the 21st Century. Int. J. Crit. Infrastruct. Prot. 2015, 8, 53–66. [Google Scholar] [CrossRef]
  2. Pursiainen, C.; Kytömaa, E. From European Critical Infrastructure Protection to the Resilience of European Critical Entities: What Does It Mean? Sustain. Resilient Infrastruct. 2023, 8, 85–101. [Google Scholar] [CrossRef]
  3. Mir, U.; Kar, A.K.; Gupta, M.P. AI-Enabled Digital Identity—Inputs for Stakeholders and Policymakers. J. Sci. Technol. Policy Manag. 2022, 13, 514–541. [Google Scholar] [CrossRef]
  4. Kechagias, E.P.; Chatzistelios, G.; Papadopoulos, G.A.; Apostolou, P. Digital Transformation of the Maritime Industry: A Cybersecurity Systemic Approach. Int. J. Crit. Infrastruct. Prot. 2022, 37, 100526. [Google Scholar] [CrossRef]
  5. Meland, P.H.; Nesheim, D.A.; Bernsmed, K.; Sindre, G. Assessing Cyber Threats for Storyless Systems. J. Inf. Secur. Appl. 2022, 64, 103050. [Google Scholar] [CrossRef]
  6. Gallo, M.; Moreschi, L.; Mazzoccoli, M.; Marotta, V.; Del Borghi, A. Sustainability in Maritime Sector: Waste Management Alternatives Evaluated in a Circular Carbon Economy Perspective. Resources 2020, 9, 41. [Google Scholar] [CrossRef]
  7. Boryczko, K.; Piegdoń, I.; Szpak, D.; Żywiec, J. Risk Assessment of Lack of Water Supply Using the Hydraulic Model of the Water Supply. Resources 2021, 10, 43. [Google Scholar] [CrossRef]
  8. Svaetichin, I.; Inkinen, T. Port Waste Management in the Baltic Sea Area: A Four Port Study on the Legal Requirements, Processes and Collaboration. Sustainability 2017, 9, 699. [Google Scholar] [CrossRef]
  9. Othman, A.; El Gazzar, S.; Knez, M. Investigating the Influences of Smart Port Practices and Technology Employment on Port Sustainable Performance: The Egypt Case. Sustainability 2022, 14, 14014. [Google Scholar] [CrossRef]
  10. Ye, Y.; Geng, P. A Review of Air Pollution Monitoring Technology for Ports. Appl. Sci. 2023, 13, 5049. [Google Scholar] [CrossRef]
  11. Bouhlal, A.; Aitabdelouahid, R.; Marzak, A. The Internet of Things for Smart Ports. Procedia Comput. Sci. 2022, 203, 819–824. [Google Scholar] [CrossRef]
  12. Argyriou, I.; Sifakis, N.; Tsoutsos, T. Ranking Measures to Improve the Sustainability of Mediterranean Ports Based on Multicriteria Decision Analysis: A Case Study of Souda Port, Chania, Crete. Env. Dev. Sustain. 2022, 24, 6449–6466. [Google Scholar] [CrossRef]
  13. Hammi, B.; Zeadally, S.; Khatoun, R.; Nebhen, J. Survey on Smart Homes: Vulnerabilities, Risks, and Countermeasures. Comput. Secur. 2022, 117, 102677. [Google Scholar] [CrossRef]
  14. Argyriou, I.; Daras, T.; Tsoutsos, T. Challenging a Sustainable Port. A Case Study of Souda Port, Chania, Crete. Case Stud. Transp. Policy 2022, 10, 2125–2137. [Google Scholar] [CrossRef]
  15. Noorali, H.; Flint, C.; Abbas Ahmadi, S.; Noorali, H. Port Power: Toward a New Geopolitical World Order. J. Transp. Geogr. 2022. [Google Scholar] [CrossRef]
  16. Agüero-Tobar, M.A.; González-Araya, M.C.; González-Ramírez, R.G. Assessment of Maritime Operations Efficiency and Its Economic Impact Based on Data Envelopment Analysis: A Case Study of Chilean Ports. Res. Transp. Bus. Manag. 2023, 46, 100821. [Google Scholar] [CrossRef]
  17. Wagner, N.; Kotowska, I.; Pluciński, M. The Impact of Improving the Quality of the Port’s Infrastructure on the Shippers’ Decisions. Sustainability 2022, 14, 6255. [Google Scholar] [CrossRef]
  18. Bajaj, C.; Upadhyay, D.K.; Kumar, S.; Kanaujia, B.K. Compact Circularly Polarized Cross Dipole Antenna for RFID Handheld Readers/IoT Applications. AEU Int. J. Electron. Commun. 2022, 155, 154343. [Google Scholar] [CrossRef]
  19. Shrestha, M.; Johansen, C.; Noll, J.; Roverso, D. A Methodology for Security Classification Applied to Smart Grid Infrastructures. Int. J. Crit. Infrastruct. Prot. 2020, 28, 100342. [Google Scholar] [CrossRef]
  20. Jardas, M.; Dundović, Č.; Gulić, M.; Ivanić, K. The Role of Internet of Things on the Development of Ports as a Holder in the Supply Chain. J. Marit. Transp. Sci. 2018, 54, 61–73. [Google Scholar] [CrossRef]
  21. Sunitiyoso, Y.; Nuraeni, S.; Pambudi, N.F.; Inayati, T.; Nurdayat, I.F.; Hadiansyah, F.; Tiara, A.R. Port Performance Factors and Their Interactions: A Systems Thinking Approach. Asian J. Shipp. Logist. 2022, 38, 107–123. [Google Scholar] [CrossRef]
  22. Wang, W.; Harrou, F.; Bouyeddou, B.; Senouci, S.M.; Sun, Y. Cyber-Attacks Detection in Industrial Systems Using Artificial Intelligence-Driven Methods. Int. J. Crit. Infrastruct. Prot. 2022, 38, 100542. [Google Scholar] [CrossRef]
  23. Kadir, Z.A.; Mohammad, R.; Othman, N.; Chelliapan, S.; Amrin, A. RISK Assessment of Human Risk Factors in Port Accidents. Int. J. Mech. Eng. Technol. 2017, 8, 535–551. [Google Scholar]
  24. Lin, W.C.; Cheng, H.H. Enhancing Marine Administrative Management Based on Human Factor through Safety Criteria. J. Mar. Sci. Technol. 2021, 29, 266–276. [Google Scholar] [CrossRef]
  25. González-Cancelas, N.; Serrano, B.M.; Soler-Flores, F.; Camarero-Orive, A. Using the SWOT Methodology to Know the Scope of the Digitalization of the Spanish Ports. Logistics 2020, 4, 20. [Google Scholar] [CrossRef]
  26. Da Rosa, I.O.; De Abreu, J.C.; De Castro Junior, D.F.L.; Silveira-Martins, E.; Miura, M.N. Safety Risk Assessment of Port Facilities. Int. J. Sci. Manag. Tour. 2023, 9, 165–194. [Google Scholar] [CrossRef]
  27. Gunes, B.; Kayisoglu, G.; Bolat, P. Cyber Security Risk Assessment for Seaports: A Case Study of a Container Port. Comput. Secur. 2021, 103, 102196. [Google Scholar] [CrossRef]
  28. Vasiliev, I.I.; Smelov, P.A.; Klimovskih, N.V.; Shevashkevich, M.G.; Donskaya, E.N. Operational Risk Management in A Commercial Bank. Int. J. Eng. Technol. 2018, 7, 524–529. [Google Scholar] [CrossRef]
  29. Smaragdakis, A.; Kamenopoulos, S.; Tsoutsos, T. How Risky Is the Introduction of Fuel Cell Electric Vehicles in a Mediterranean Town? Int. J. Hydrog. Energy 2020, 45, 18075–18088. [Google Scholar] [CrossRef]
  30. Tzezana, R. Scenarios for Crime and Terrorist Attacks Using the Internet of Things. Eur. J. Futures Res. 2016, 4, 18. [Google Scholar] [CrossRef]
  31. Lecue, M.; Darbra, R.M. Accidents in European Ports Involving Chemical Substances: Characteristics and Trends. Saf. Sci. 2019, 115, 278–284. [Google Scholar] [CrossRef]
  32. Yaacoub, J.P.A.; Noura, H.N.; Salman, O.; Chehab, A. Ethical Hacking for IoT: Security Issues, Challenges, Solutions and Recommendations. Internet Things Cyber-Phys. Syst. 2023, 3, 280–308. [Google Scholar] [CrossRef]
  33. Bueger, C.; Liebetrau, T. Critical Maritime Infrastructure Protection: What’s the Trouble? Mar. Policy 2023, 155, 105772. [Google Scholar] [CrossRef]
  34. Sivaraman, S.; Varadharajan, S. Investigative Consequence Analysis: A Case Study Research of Beirut Explosion Accident. J. Loss. Prev. Process Ind. 2021, 69, 104387. [Google Scholar] [CrossRef]
  35. Alsharif, M.; Mishra, S.; AlShehri, M. Impact of Human Vulnerabilities on Cybersecurity. Comput. Syst. Sci. Eng. 2021, 40, 1153–1166. [Google Scholar] [CrossRef]
  36. Tuptuk, N.; Hailes, S. Security of Smart Manufacturing Systems. J. Manuf. Syst. 2018, 47, 93–106. [Google Scholar] [CrossRef]
  37. Caballini, C.; Carboni, A.; Boero, F.; Parodi, F.; Valentini, I.; Paolucci, M.; Rappis, G.N.; Pagano, S. Augmented Reality and Portable Devices to Increase Safety in Container Terminals: The Testing of A4S Project in the Port of Genoa. Transp. Res. Procedia 2023, 69, 344–351. [Google Scholar] [CrossRef]
  38. Yucel, G.; Cebi, S.; Hoege, B.; Ozok, A.F. A Fuzzy Risk Assessment Model for Hospital Information System Implementation. Expert. Syst. Appl. 2012, 39, 1211–1218. [Google Scholar] [CrossRef]
  39. Muñuzuri, J.; Onieva, L.; Cortés, P.; Guadix, J. Using IoT Data and Applications to Improve Port-Based Intermodal Supply Chains. Comput. Ind. Eng. 2020, 139, 105669. [Google Scholar] [CrossRef]
  40. Zhao, Z.; Tang, L. The Impact of COVID-19 on Maritime Pilots: Evidence and Lessons. Mar. Policy. 2023, 153, 105664. [Google Scholar] [CrossRef]
  41. Febriani, E.; Gamayuni, R.R.; Syaipudin, U. Employee Performance during the Covid-19 Pandemic: A Bibliographic Study from Various Perspectives. J. Econ. Financ. Manag. Stud. 2023, 6, 13–23. [Google Scholar] [CrossRef]
  42. Narayanamurthy, G.; Tortorella, G. Impact of COVID-19 Outbreak on Employee Performance—Moderating Role of Industry 4.0 Base Technologies. Int. J. Prod. Econ. 2021, 234, 108075. [Google Scholar] [CrossRef]
  43. Taj, S.; Imran, A.S.; Kastrati, Z.; Daudpota, S.M.; Memon, R.A.; Ahmed, J. IoT-Based Supply Chain Management: A Systematic Literature Review. Internet Things 2023, 24, 100982. [Google Scholar] [CrossRef]
  44. Anbarasan, M.; Muthu, B.A.; Sivaparthipan, C.B.; Sundarasekar, R.; Kadry, S.; Krishnamoorthy, S.; Samuel, D.J.; Dasel, A.A. Detection of Flood Disaster System Based on IoT, Big Data and Convolutional Deep Neural Network. Comput. Commun. 2020, 150, 150–157. [Google Scholar] [CrossRef]
  45. Rak, J.; Girão-Silva, R.; Gomes, T.; Ellinas, G.; Kantarci, B.; Tornatore, M. Disaster Resilience of Optical Networks: State of the Art, Challenges, and Opportunities. Opt. Switch. Netw. 2021, 42, 100619. [Google Scholar] [CrossRef]
  46. Wolf, K.; Dawson, R.J.; Mills, J.P.; Blythe, P.; Robson, C.; Morley, J. Assessing the Impact of Heavy Rainfall on the Newcastle upon Tyne Transport Network Using a Geospatial Data Infrastructure. Resilient Cities Struct. 2023, 2, 24–41. [Google Scholar] [CrossRef]
  47. Garcia-Alonso, L.; Moura, T.G.Z.; Roibas, D. The Effect of Weather Conditions on Port Technical Efficiency. Mar. Policy 2020, 113, 103816. [Google Scholar] [CrossRef]
  48. Arachchige, K.G.; Branch, P.; But, J. Evaluation of Correlation between Temperature of IoT Microcontroller Devices and Blockchain Energy Consumption in Wireless Sensor Networks. Sensors 2023, 23, 6265. [Google Scholar] [CrossRef]
  49. Hu, R.; Liu, G.; Huang, C.; Xu, Z.; Zhou, W. Power Cable Fired by Transient Arcing below the Action Value of Relay Protection: An Analysis of a Medium-Voltage Cable Joint Breakdown Fault. Eng. Fail. Anal. 2023, 145, 107028. [Google Scholar] [CrossRef]
  50. Salman, H.M.; Pasupuleti, J.; Sabry, A.H. Review on Causes of Power Outages and Their Occurrence: Mitigation Strategies. Sustainability 2023, 15, 15001. [Google Scholar] [CrossRef]
  51. Huang, K.; Peng, Y.; Dong, Y.; Chang, X.; Zhou, Z.; Lu, H.; Tang, W.; Wang, G.; Zhang, Q. Friction and Wear Behavior of Multiple Steel Wires with Different Corrosion Extents under Different Lubrication Conditions. Wear 2023, 524–525, 204889. [Google Scholar] [CrossRef]
  52. Schachenhofer, L.; Hirsch, P.; Gronalt, M. How Internet Blackouts Affect Information Flows in Organizations—Analyzing Cascade Effects and Feedback Loops. Int. J. Disaster Risk Reduct. 2023, 98, 104101. [Google Scholar] [CrossRef]
  53. Chaves, A.; Rice, M.; Dunlap, S.; Pecarina, J. Improving the Cyber Resilience of Industrial Control Systems. Int. J. Crit. Infrastruct. Prot. 2017, 17, 30–48. [Google Scholar] [CrossRef]
  54. Torabi, S.; Bou-Harb, E.; Assi, C.; Karbab, E.B.; Boukhtouta, A.; Debbabi, M. Inferring and Investigating IoT-Generated Scanning Campaigns Targeting a Large Network Telescope. IEEE Trans. Dependable Secur. Comput. 2022, 19, 402–418. [Google Scholar] [CrossRef]
  55. Shen, L.; Tang, Y.; Tang, L.C. Understanding Key Factors Affecting Power Systems Resilience. Reliab. Eng. Syst. Saf. 2021, 212, 107621. [Google Scholar] [CrossRef]
  56. Chiappetta, A. Hybrid Ports: The Role of IoT and CyberSecurity in the next Decade. J. Sustain. Dev. Transp. Logist. 2017, 2, 47–56. [Google Scholar] [CrossRef]
  57. Tsavdaroglou, M.; Al-Jibouri, S.H.S.; Bles, T.; Halman, J.I.M. Proposed Methodology for Risk Analysis of Interdependent Critical Infrastructures to Extreme Weather Events. Int. J. Crit. Infrastruct. Prot. 2018, 21, 57–71. [Google Scholar] [CrossRef]
  58. van den Honert, R.C. Improving Decision Making about Natural Disaster Mitigation Funding in Australia-A Framework. Resources 2016, 5, 28. [Google Scholar] [CrossRef]
Jmse 12 01593 g001
Figure 1. Flowchart: Steps of the proposed methodology.
Figure 1. Flowchart: Steps of the proposed methodology.
Jmse 12 01593 g001
Jmse 12 01593 g002
Figure 2. Risk Assessment Matrix.
Figure 2. Risk Assessment Matrix.
Jmse 12 01593 g002
Jmse 12 01593 g003
Figure 3. Risk Matrix based on results.
Figure 3. Risk Matrix based on results.
Jmse 12 01593 g003
Table 1. List of the potential ΙοΤ hazards.
Table 1. List of the potential ΙοΤ hazards.
Source HazardsEffect toLiterature
Terrorism
Attack from chemical agentTE 1Damage to IoT devices, HealthHuman, Environment, Equipment[30,31]
CyberattackTE 2Damage to IoT devicesEquipment[32]
Armed personTE 3Damage to IoT devices, HealthHuman, Equipment[33]
Explosive device explosion with loss of manpowerTE 4Health hazardHuman[34]
Explosive device
explosion with loss of logistical equipment		TE 5Damage to IoT
devices		Equipment
Human effect
Unintentional human errorHE 1Damage to IoT devicesHuman, Equipment[35]
SabotageHE 2Damage to IoT devicesHuman, Equipment[36,37,38]
Pandemic
Increased demand for the use of ΙοΤ devicesPE 1Damage to IoT devicesEquipment[39]
Staff reductionPE 2Health hazardHuman[40,41,42]
Supply chain disruptionsPE 3Damage to IoT devicesEquipment[43]
Natural disasters
Heavy rainfallND 1Damage to IoT DevicesEquipment[44,45,46]
EarthquakeND 2Damage to IoT devicesHuman, Environment, Equipment
High temperatureND 3Damage to IoT devicesEquipment[47]
Low temperatureND 4Damage to IoT devicesEquipment[48]
ThunderND 5Damage to IoT devicesEquipment
HailND 6Damage to IoT devicesEquipment
MoistureND 7Damage to IoT devicesEquipment[49]
Maintenance
Power outageME 1Damage to IoT devicesEquipment[50]
Physiological wear and tear of equipmentME 2Damage to IoT devicesEquipment[51]
Internet network lossME 3Damage to IoT devicesEquipment[52]
Power disturbanceME 4Damage to IoT devicesEquipment[53,54]
Short circuitME 5Damage to IoT devicesEquipment
Cybersecurity
MalwareCE 1Damage to IoT devicesEquipment[54]
PhishingCE 2Damage to IoT devicesEquipment[55]
Access to Wi-FiCE 3Damage to IoT devicesEquipment[56,57]
Table 2. Assessment of scenarios.
Table 2. Assessment of scenarios.
ScenarioMean ScoreStandard DeviationConfidence Level
CE211.64.151.9
CE312.33.501.6
PE213.13.31.5
PE311.52.71.2
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Argyriou, I.; Tsoutsos, T. Assessing Critical Entities: Risk Management for IoT Devices in Ports. J. Mar. Sci. Eng. 2024, 12, 1593. https://doi.org/10.3390/jmse12091593

AMA Style

Argyriou I, Tsoutsos T. Assessing Critical Entities: Risk Management for IoT Devices in Ports. Journal of Marine Science and Engineering. 2024; 12(9):1593. https://doi.org/10.3390/jmse12091593

Chicago/Turabian Style

Argyriou, Ioannis, and Theocharis Tsoutsos. 2024. "Assessing Critical Entities: Risk Management for IoT Devices in Ports" Journal of Marine Science and Engineering 12, no. 9: 1593. https://doi.org/10.3390/jmse12091593

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop