Cyber-attack impact estimation for a port

Abstract

Purpose: We investigate consequences of a cyber-attack on a port through a simulation model. Motivated by the impact of NotPetya on the container company A.P. Møller-Maersk and the entire supply chain we propose a method to estimate the consequences. Such estimation is a first step towards the identification of protection measures. Methodology: We represent a port as a network of interdependent cyber and physical assets. The operational state of each component is measured on a 3-tier scale and may change due to external problems. The components reaction on security incidents is modeled using Mealy automata. Findings: An implementation of the model as a network of coupled Mealy automata allows simulation of the dynamics after a security incident. This gives an overview on the expected condition of each component over time. The results can be visualized to identify parts that are particularly at danger. Originality: The approach takes into account different kind of information on the cyber and physical system but also learns from past incidents. The automata simulation model provides estimate on the future behavior. Existing data may be used for validation.