Research Article

A Proposal For A Monte Carlo Simulation-Based Risk Framework With Optimal Cost Balance For The Maritime Industry

Year 2024, Volume: 6 Issue: 3, 268 - 289, 31.12.2024
https://doi.org/10.38009/ekimad.1516613

Abstract

The maritime industry has played a vital role in international trade since the earliest periods of human history, facilitating the movement of approximately 90% of global trade. Modern ships are increasingly equipped with sophisticated computing infrastructure to enhance navigation, communication, and operational efficiency. This technological evolution has transformed maritime operations, providing numerous advantages such as improved safety, efficiency, and communication. However, the integration of advanced computer systems also introduces significant cyber threats, which can compromise vessel operations, safety, and security. This study proposes a comprehensive cyber risk framework tailored for the maritime industry, employing Monte Carlo simulation to analyze and quantify risks for each vessel component. The risk calculation is based on the MITRE Common Attack Pattern Enumeration and Classification (CAPEC) database, providing a detailed and structured approach to identifying potential cyber threats. The study utilizes the Multiplicative Effect Approach in its cyber risk analysis methods, allowing for a nuanced understanding of how various risk factors interact and amplify the overall risk profile. The framework is designed to help maritime companies prioritize risk mitigation efforts, ensuring that available funds are allocated in a manner that maximizes risk reduction. By simulating various scenarios and their potential impacts, the framework provides actionable insights into the most effective cybersecurity measures. This approach enables maritime organizations to develop targeted strategies for enhancing their cyber resilience, ultimately contributing to the safety and reliability of global maritime trade.




Details

Primary Language: English
Subjects: International Business
Section: Articles
Authors

Saim Atalay Keleştemur 0009-0006-5493-2112

Süha Atatüre 0000-0003-1683-5224

Güldem Elmas 0000-0002-2585-9650

Publication Date: December 31, 2024
Submission Date: July 15, 2024
Acceptance Date: December 31, 2024
Published in Issue: Year 2024, Volume: 6 Issue: 3

Cite

APA Keleştemur, S. A., Atatüre, S., & Elmas, G. (2024). A Proposal For A Monte Carlo Simulation-Based Risk Framework With Optimal Cost Balance For The Maritime Industry. Ekonomi İşletme Ve Maliye Araştırmaları Dergisi, 6(3), 268-289. https://doi.org/10.38009/ekimad.1516613