Modelling Human Tasks to Enhance Threat Identification in Critical Maritime Systems
Résumé
Maritime supply chains involve various infrastructures and human actors, belonging to different organizations with diverse business and operational goals. Existing cybersecurity risk assessment methods are mainly focused on the identification of malicious actors and the relevant cyber threats. Nevertheless, threats can also arise from operators’ tasks and errors, while interacting with information systems. In this paper, we analyze how human task modeling techniques support the identification of cyber threats on supply chain operators’ tasks. In particular, we focus on external attackers threatening supply chain operators’ tasks, on internal supply chain operators making errors during planned tasks, as well as on insiders deviating from planned tasks. We present the application of the proposed technique on the MITIGATE risk assessment methodology. In addition, we describe an illustrative example of a maritime transport supply chain service process involving four types of users deriving from three types of organizations, who implement tasks ranging from the cargo manifest declaration to the maritime requested services preparation.