Citation: Grigoriadis, C.; Laborde, R.;
Verdier, A; Kotzanikolaou, P.
An Adaptive, Situation-Based Risk
Assessment and Security
Enforcement Framework for the
Maritime Sector. Sensors 2022, 22, 238.
https://doi.org/10.3390/s22010238
Academic Editors: Alexios Mylonas
and Nikolaos Pitropakis
Received: 15 November 2021
Accepted: 22 December 2021
Published: 29 December 2021
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
Copyright: © 2021 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
Article
An Adaptive, Situation-Based Risk Assessment and Security
Enforcement Framework for the Maritime Sector
Christos Grigoriadis
1,
*
,†
, Romain Laborde
2,†
, Antonin Verdier
2
and Panayiotis Kotzanikolaou
1,
*
,†
1
SecLab, Department of Informatics, University of Piraeus, Karaoli & Dimitriou 80, 18534 Piraeus, Greece;
2
Institut de Recherche en Informatique de Toulouse (IRIT), Université Paul Sabatier, 31062 Toulouse, France;
Romain.Laborde@irit.fr (R.L.); antonin.verdier1@univ-tlse3.fr (A.V.)
* Correspondence: cgrigoriadis@unipi.gr (C.G.); pkotzani@unipi.gr (P.K.); Tel.: +30-2104142123 (C.G.)
† These authors contributed equally to this work.
Abstract:
Maritime processes involve actors and systems that continuously change their underlying
environment, location and threat exposure. Thus, risk mitigation requires a dynamic risk assessment
process, coupled with an adaptive, event driven security enforcement mechanism, to efficiently deal
with dynamically evolving risks in a cost efficient manner. In this paper, we propose an adaptive
security framework that covers both situational risk assessment and situational driven security
policy deployment. We extend MITIGATE, a maritime-specific risk assessment methodology, to
capture situations in the risk assessment process and thus produce fine-grained and situation-specific,
dynamic risk estimations. Then, we integrate DynSMAUG, a situation-driven security management
system, to enforce adaptive security policies that dynamically implement security controls specific
to each situation. To validate the proposed framework, we test it based on maritime cargo transfer
service. We utilize various maritime specific and generic systems employed during cargo transfer, to
produce dynamic risks for various situations. Our results show that the proposed framework can
effectively assess dynamic risks per situation and automate the enforcement of adaptive security
controls per situation. This is an important improvement in contrast to static and situation-agnostic
risk assessment frameworks, where security controls always default to worst-case risks, with a
consequent impact on the cost and the applicability of proper security controls.
Keywords:
adaptive security; event management and analytics; situation-based risk assessment;
situational policy elicitation and enforcement
1. Introduction
Maritime transport is a complex environment involving various actors with differ-
ent objectives, cyber and physical components and interconnected systems. It utilizes
critical infrastructures and systems for service provisioning, such as port facilities and
specialized systems. In modern maritime systems, most processes are (semi)automated
and controlled by maritime SCADA, which control the underlying systems. At the port
side, the Port Management System (PMS) orchestrates all the supply chain processes, by
receiving information from the Terminal Operating System (TOS), which monitors the loca-
tion of containers and handling of other equipment (e.g., cranes) through Optical Character
Recognition (OCR), Radio Frequency Identification Devices (RFIDs) and GPS systems (see
Figure 1
). Typical ship side systems include: the Automatic Identification System (AIS), a
tracking system transmitting information related with the course, speed or type of cargo,
which is mainly used for collision avoidance; the Vessel Traffic Service (VTS), which is
mainly for marine traffic monitoring; and the Electronic Chart Display Information System
(ECDIS), a navigational chart display that receives data by other control systems, to assist
ship crew in ship navigation.
Sensors 2022, 22, 238. https://doi.org/10.3390/s22010238 https://www.mdpi.com/journal/sensors
