Abstract
Maritime supply chain is a dynamic system in which a set of organizations, people, activities, information and resources are involved aiming at delivering a service or a product to the final users. The paper describes the business processes of a representative example of a cross-border supply chain service, namely the “Vehicles Transport Chain”; analyses its interdependencies and threats; revealing the limitations of existing risk management methodologies in terms of addressing the cascading effects and the complexity of the maritime security ecosystem; highlights and underlines the need for a targeted risk assessment approach applicable to maritime supply chains.
You have full access to this open access chapter, Download conference paper PDF
1 Introduction
The maritime supply chains consist of interconnected business partners (port authorities, ministries, maritime companies, ship industry, customs agencies, maritime/insurance companies) other CIs (e.g. airports, energy, telecommunication), people, processes, services, products, and other elements. This complex chain has become lately highly dependent upon ICT in order to provide innovative services in the highly competitive maritime digital trade [1].
The ports play a major role in the maritime supply chain and their infrastructures have interdependencies at multiple levels (local, national, international). In this context, they interact closely with all actors in the complex maritime eco-system. As a result, port stakeholders (notably port security operators and port facilities operators) have to deal with internal, external and diffused cyber/physical threats rising from the whole maritime supply chain.
The paper aims to present a systematic analysis of an important cross-border supply chain service (SCS), namely the “Vehicles Transport Chain”. This SCS has been selected based on specific criteria: (i) European level nature: most of the biggest commercial ports in Europe (e.g. Piraeus and Valencia Port Authorities) offer or are involved in this service; (ii) Economic enablers: this operation has a high economic impact on the ports as well as the European economy as a whole, for example in the port of Piraeus, the traffic of local and transit vehicles from 2009 to 2014 ranges from 276 k to 459 k per year; and (iii) Environmental importance: the transit of vehicles through the ports can cause dangerous water or environmental pollution events.
The analysis follows specific four (4) stages: description of business goals, business partners involved in the provision of the service, types of interdependencies among business partners and threats and risks related to the processes. Finally, the paper highlights the need for a new, targeted multi-dependency approach to risk assessment to deal with the cascading effects risks, threats and vulnerabilities, associated with the maritime supply chain.
2 State of the Art
2.1 Dependencies Analysis Approaches
A dependency or interdependency is a relationship between two entities involved in the maritime supply chain. This relationship can be considered as an interaction between two maritime entities which is either unidirectional or bidirectional. This relationship depicts how one process, activity or resource relies upon another. In this case, a supply chain actor may depend on another entity in order to perform a critical business process.
A framework to study interdependencies was proposed by Rinaldi et al. [2]. In this paper the authors separate the important factors that need to be taken into account in risk assessment, into six dimensions. These dimensions are: types of interdependencies, infrastructure, environment, coupling and response behavior, infrastructure characteristics, types of failures, and state of operations. In addition, these six dimensions are further analyzed to subtypes and substates. The infrastructures that are studied in this paper have wide impact in everyone and include electric power, natural gas and petroleum production and distribution, telecommunications (information and communications), transportation, water supply, banking and finance, emergency and government services, agriculture, and other fundamental systems and services. Furthermore, they present the most vital classes of interdependencies, which are: physical, cyber, geographic, logical and social. Moreover, environmental changes have crucial implications for interdependencies and how they affect the states of infrastructures and how they operate.
According to [3] the methodologies for dependency modeling, simulation and analysis have been recently categorized in the following broad categories:
-
i.
Empirical approaches: they focus on the study of the impact (e.g. [4]) and/or the risk related with the dependencies between CIs [5, 6] and their potential cascading effects according to historical accident or disaster data and expert experience [5, 7];
-
ii.
Agent-based approaches: they treat the CIs as complex adaptive systems and adopt an agent-based model to simulate their behaviors [8–12];
-
iii.
System dynamics based approaches: they analyze the CIs and model their dependencies by capturing important causes and effects under disruptive scenarios [13–18];
-
iv.
Economic based approaches: they provide a representation and interpretation of the CIs’ interdependencies in terms of economic models [19–23];
-
v.
Network based approaches: they focus on the flow of products or services exchanged between CIs describing the topologies and flow patterns of the interdependencies[24–26]; and
-
vi.
Other: they aim at capturing and analyzing the characteristics of the CIs using different models such as the hierarchical holographic modeling (HHM) method [27–33]
All the above-mentioned methodologies follow diverse approaches to capture CIs’ behavior and analyze their interdependencies.
The paper follows a network based approach in order to analyze and depict the dependencies among the entities involved the Vehicles Transport Chain scenario described in the following Section. In particular, each entity is represented as a node and their physical and cyber connections are represented as links.
3 Supply Chain Service: Vehicles Transport Chain
This Section describes a representative example of a maritime supply chain that involves the shipment and receipt of various types of vehicles and equipment such as trucks, vans, truck trailers, threshing machines etc. The Vehicles Transport Chain is a relatively long and complicated process that involves domestic and international transportation, warehouse management, order and inventory control, materials handling, import/export facilitation, and information technology.
3.1 Vehicles Transport Chain Entities
The Vehicles Transport Chain is a massively complex system with numerous players, including shippers, transport operators. The key business partners (port related entities) involved in the chain are the following:
-
Importer: entities that initiate the vehicles transport supply chain, who owns the vehicles to be transported, both to be exported or imported.
-
Industry: The automobile industry that produces the vehicles and equipment such as automobiles, trucks, semi-trailer trucks, trailers, and railroad cars etc.
-
Ship Agents: a business partner that is responsible for the transports of the vehicles by the sea (via ships). Usually, the Agent does not own ships and acts as charterers; the chartering contracts are for long periods or even without a time prescription.
-
Ship-owners: the owner of a merchant vessel (commercial ship). The ship-owner is someone who equips and exploits a ship, for delivering cargo at a certain freight rate, either as a per freight rate (given price for the transport of a certain cargo between two given ports) or based on hire (a rate per day).
-
Public Administrations: Local Authorities represent a number of local public stakeholders that are involved and play a crucial role in the Vehicles Transport Chain process including:
-
Port Authorities: manages the areas where port operations take place. These port operations usually involve physical operations (stevedoring, loading, unloading, storage, transportation, inspection, etc.) as well as information and data flow operations through networks, document management systems, databases, portals, etc. (forwarding, invoicing, pre-arrival notifications, customs clearance documentation management, ISPS declaration, etc.) between the port operators and the other entities involved in these operations in any way.
-
Customs Authorities: responsible to overview the implementation of the customs clearance procedures for the clearance of the vehicles from customs control of an importer’s consignment.
-
-
Local Agent: has primary responsibility to complete shipping and customs documentation, and arrange for vehicles transportation. Agents assist businesses and individuals (Importers) who need to ship the vehicles from one country to another.
-
Insurance Company: provides coverage to the Importer for damages to the vehicles resulting from incident during their transportation, loading, unloading, or storage.
3.2 Vehicles Transport Chain Processes
This Section describes the main interactions among the entities engaged in the vehicles transport chain. This process can be divided into the following four (4) sub-processes:
A. Purchase and Shipment Phase (Fig. 1). The Importer sends a purchase order to the Industry that contains its orders for a number of vehicles. When both Importer and Industry have agreed upon the terms and conditions of the contract like pricing, documentation, freight charges, currency etc., the latest proceeds to complete the order. The Industry is seeking to contract a Ship Agent or a Ship Owner to deliver the vehicles to the destination port defined by the Importer. Also, the Industry makes the arrangements with the Public Administrations (port and customs authorities etc.) and transfers the vehicles to the Port for loading. The Ship Agent or the Ship Owner makes the arrangements with the Public Administration (management of the ship formalities including the Manifest) related to the authorization processes which take place from the entry of the ship into the port until its exit and then proceed to load the vehicles into the vessel for shipment to the destination Port. Finally, they undertake the responsibility to send the relevant documentation to the Importer’s Local Agent which has the responsible for the ship arrival and the regional procedure of receiving and delivering the vessel to the importer.
Purchase and shipment phase
B. Pre-arrival Phase (Fig. 2). In this phase, the Local Agent of the Importer has to arrange various details about the vessel docking and unloading of the vehicles at the Port terminals. In this context, it has to interact with the following entities:
Pre-arrival phase
-
Customs Authority: the Local Agent submits the manifest of the vessel and receives the Manifest Registration Number (MRN).
-
Public Administrations: the Local Agent submits the ship formalities requesting docking clearance. Once the agent grants permission for the vessel to dock at the port, informs the ship (captain) about the docking arrangements.
-
Insurance Company: the Local Agent negotiates and signs a contract with the Insurance Company for the provision of insurance cover for damages to the vehicles.
-
Vehicle Transport Company: the Local Agent employs a Transport Company to transfer the vehicles from the docks to the Importer’s yard.
C. Port’s Services Requested Phase (Fig. 3). The Local Agent submits the Manifest Registration Number (MRN) received from the Custom to the Port Authority requesting services for the vessel such as, mooring, lacing, personnel (drivers for transferring the cars from the ship to storage area, etc.). This process is performed via the Port Community System (PCS) that is an electronic platform which connects the multiple systems operated by a variety of organizations involved in the port’s supply chain. Actually, this system facilitates the secure and efficient electronic exchange of information between the public and private stakeholders and allows the automatisation and the smooth operation of the port and logistics processes through a single request submission. In this context, the following steps should be followed:
Port’s services requested phase
-
i.
The Local Agent shall prepare and submit an application form to the Port Community System (PCS).
-
ii.
The Local Agent follows the prepayment procedures using e-Banking through the PCS.
-
iii.
An Email or SMS is sent by the Destination port to the Local Agent, referencing the newly received request.
-
iv.
The submitted request is processed by the representatives of the Port Authority.
-
v.
The necessary resources and services are allocated by the Port Authority.
-
vi.
Finally, a notification (via Email or SMS) is dispatched to the Local Agent containing the status of the whole process.
The PCS acts as a centralized system for the collection, dissemination and management of the information related to the request and provision of ports’ services.
D. Port’s Requesting Services and Delivery Phase (Fig. 4). In this phase the vessel approaches the port and receives all services requested by the Local Agent. In this context, the port’s equipment (ship-to-shore cranes, yard tractors, forklifts, etc.) and port personnel should be available to unload the vehicles and store them to the port’s facilities. Then, the Transport Company has the responsible to transfer the vehicles from the port to the Importer. The Insurance Company oversees the whole process in order to identify possible damages to the vehicles occurred during transportation process and report them to the Local Agent. The Latest informs the Importer about the status of the process.
Port’s requesting services and delivery phase
3.3 Entities Dependencies
According to the Vehicles supply chain scenario described in the previous section, the interaction of the involved entities could be through physical or non-physical flows. Theses interactions can be classified into four (4) main types of interdependencies as follows:
-
1.
Access to cyber-systems: The access could be to a database, to operational systems, networks, etc.
-
2.
Interaction with cyber-systems: The interaction could be by sharing information, the offer of common services, etc.
-
3.
Access to physical facilities: These facilities are buildings, terminals, etc.
-
4.
Usage of physical facilities: The use could be for warehousing, offering a service, for hosting an installation, etc.
In general, the interdependencies among the key entities can be summarized in Table 1.
4 Threats and Consequences to Vehicles Transport Chain Service
The rise of crime, cybercrime and terrorism poses significant threats to supply chain continuity. Therefore, if a security incident or a failure occurs in a supply chain actor (supply chain link), this will affect the normal operation of the whole Vehicles supply chain, partially or completely leading to disruptions or outages it its operation. In the literature, three types of failures [2] have been identified:
-
Cascading failure: a disruption in the operation of a supply chain actor may cause the failure of a component/element in an interconnected entity.
-
Common-Cause failure: an incident may cause the disruption of the operation of two or more supply chain actors simultaneously.
-
Escalating failure: a disruption in the operation of a supply chain actor may trigger an independent disruption of an interconnected entity.
The identification of the threats and risks in the Vehicles Transport Chain is a difficult process. The difficulties are partly due to the complexity induced by the large number of related and interdependent activities (data flows and physical operations) in the supply chain. Thus, understanding the interdependencies and the complex causal relationships in the supply chain is therefore crucial to the successful management of these activities as well as to the assessment of the corresponding threats.
Based on the analysis of the Vehicles Transport Chain flows and relationships the threats can be classified in the following categories based on the target of an examined threat:
-
TC-1: Infrastructural Threats. This category includes threats targeted to the infrastructure elements of a business partner (buildings, gates, warehouses, tracks, CCTV systems etc.). Notable examples of threats are the destruction of the warehouse of the stored vehicles due to a deliberate action (e.g. bombing attack) or a physical threat or a physical disaster (e.g. earthquake).
-
TC-2: Information & ICT Threats. This category includes threats targeted to the information and ICT elements of a business partner (data, systems, software, hardware etc.). Representative example is the unauthorized access to the supply chain’s information/documentation systems for the purpose of disrupting operations or facilitating illegal activities.
-
TC-3: Threats related with Personnel Security & Safety. This category includes human centric threat scenarios. This category includes threat against the life of people involved in the Vehicles Transport Chain.
-
TC-4: Threats related with Goods and Conveyance Security. By good we consider any item, exchanged or delivered via the Vehicles Transport Chain, e.g. various types of vehicles and equipment such as trucks, vans, truck trailers, threshing machines etc. Including threats related to operations aiming to facilitate a terrorist incident including using the mode of transportation as a weapon.
-
TC-5: Other. Under this category fall all other threats targeting the broader Vehicles Transport Chain environment e.g. economical, security, commercial, and political instability.
Note that this categorization is not distinctive and several threat scenarios may partially belong to more than one category.
5 Conclusions
The Vehicles Transport Chain can be considered as a dynamic system in which a set of organizations, people, activities, information and resources are involved aiming at producing and delivering various types of vehicles and equipment such as trucks, vans, truck trailers, threshing machines etc. to the last link of the supply chain (Importer). In this context, this system includes business processes, which begin with the submission of the purchase order to the Industry and extends through the delivery of the vehicles to the Importer through different transport means.
Thus, the analysis of the interdependencies among the entities involved in the Vehicles Transport Chain as presented in Sect. 3 reveals that the processes are classified in two categories. The first one includes the physical operations which involve stevedoring, loading, unloading, storage, transportation and inspection procedures and the information and data flow operations performed through networks, document management systems, databases, portals, etc. (purchase order submission, pre-arrival notifications, customs and docking clearance documentation management, etc.).
Nevertheless, despite the digital and physical interactions among the entities involved in the abovementioned operations in any way, these entities currently handle their security and safety issues and threats independently. In particular, they adopt and follow risk assessment methodologies, methods and techniques that fail to capture and evaluate the whole picture of the maritime supply chain. Actually, they do not support effective and efficient processes that enable, facilitate and promote the identification, assessment and treatment of the spectrum of threats and their various cascading effects that are associated with security incidents occurring from interacting entities, cross-sectoral, cross border interdependencies and massive interconnectivity.
In this context, the paper acknowledges the limitations of existing risk management methodologies in terms of addressing the cascading effects and the complexity of the maritime security ecosystem. Also, it highlights and underlines the need for a targeted risk assessment approach that incorporate well-defined, precise and clear procedures that are able: (a) to identify, document and model the key dependencies of all entities involved in the maritime supply chain. (b) to support an effective algorithm for capturing multi-order dependencies among the supply chain actors (e.g. comprising the supply chain operation). (c) to adopt predictive mechanisms that assess the potential impact of security incidents on the supply chain process, given their various mutual dependencies.
References
ENISA report: Cyber security aspects in the maritime sector. ENISA (2011). http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/dependencies-of-maritime-transport-to-icts
Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K.: Identifying, understanding, and analyzing critical infrastructure interdependencies. Control Syst. IEEE 21(6), 11–25 (2001)
Ouyang, M.: Review on modeling and simulation of interdependent critical Infrastructure systems. Reliab. Eng. Syst. Saf. 121, 43–60 (2014)
Franchina, L., Carbonelli, M., Gratta, L., Crisci, M.: An impact-based approach for the analysis of cascading effects in critical infrastructures. Int. J. Crit. Infrastruct. 7(1), 73–90 (2011)
Utne, I.B., Hokstad, P., Vatn, J.: A method for risk modeling of interdependencies in critical infrastructures. Reliab. Eng. Syst. Safety 96(6), 671–678 (2011)
Kjølle, G.H., Utne, I.B., Gjerde, O.: Risk analysis of critical infrastructures emphasizing electricity supply and interdependencies. Reliab. Eng. Syst. Safety 105, 80–89 (2012)
Franchina, L., Carbonelli, M., Gratta, L., Crisci, M.: An impact-based approach for the analysis of cascading effects in critical infrastructures. Int. J. Crit. Infrastruct. 7(1), 73–90 (2011)
Bernhardt, K.L.S., McNeil, S.: Agent-based modeling: approach for improving infrastructure management. J. Infrastruct. Syst. 14(3), 253–261 (2008)
Rinaldi, S.M.: Modeling and simulating critical infrastructures and their interdependencies. In: Proceedings of the Hawaii international conference on system sciences (HICSS-37), Big Island, Hawaii, pp. 54–61 (2004)
Haimes, Y.Y.: Models for risk management of systems of systems. Int. J. Syst. Syst. Eng. 1(1–2), 222–236 (2008)
Kaegi, M., Mock, R., Krӧger, W.: Analyzing maintenance strategies by agent- based simulations: a feasibility study. Reliab. Eng. Syst. Safety 94, 1416–1421 (2009)
Ehlen, M.A., Scholand, A.J.: Modeling interdependencies between power and economic sectors using the N-ABLE agent based model. In: Proceedings of the IEEE conference on power systems. San Francisco (2005)
Kollikkathara, N., Feng, H., Yu, D.: A system dynamic modelling approach for evaluating municipal solid waste generation, land fill capacity and related cost management issues. Waste Manag. 30, 2194–2203 (2010)
O′Reilly, G.P., Jrad, A., Kelic, A., LeClaire, R.: Telecom critical infrastructure simulations: discrete event simulation vs. dynamic simulate on how do they compare? In: Proceedings of the IEEE global telecommunications conference, Washington, DC, pp. 2597–2601 (2007) http://dx.doi.org/10.1109/GLOCOM.2007.493
Stapelberg, R.F.: Infrastructure systems interdependencies and risk informed decision making (RIDM): impact scenario an alysis of infrastructure risks induced by natural, technological and intentional hazards. J. Syst. Cybern. Inf. 6(5), 21–27 (2008)
Santella, N., Steinberg, L.J., Parks, K.: Decision making for extreme events: modeling critical infrastructure interdependencies to aid mitigation and response planning. Rev. Policy Res. 26(4), 409–422 (2009)
Min, H.J., Beyeler, W., Brown, T., Son, Y.J., Jones, A.T.: Toward modelling and simulation of critical national infrastructure interdependencies. IEEE Trans. 39, 57–71 (2007)
Brown, T.: Multiple modeling approaches and insights for critical infrastructure protection. In: Skanata, D., Byrd, D.M. (eds.) Computational Models of Risks to Infrastructure, NATO Science for Peace and Security Series D: Information and Communication Security, vol. 13, p. 329. IOS Press, Amsterdam
Santos, J.R., Haimes, Y.Y.: Modeling the demand reduction input–output (I–O) inoperability due to terrorism of interconnected infrastructures. Risk Anal. 24(6), 1437–1451 (2004)
Haimes, Y.Y., Horowitz, B.M., Lambert, J.H., Santos, J.R., Lian, C., Crowther, K.G.: Inoperability input–output model for interdependent infrastructure sectors. I: theory and methodology. J. Infrastruct. Syst. 11(2), 67–79 (2005)
Rose, A.: Economic principles, issues, and research priorities in hazard loss estimation. In: Okuyama, Y., Chang, S. (eds.) Modeling Spatial and Economic Impacts of Disasters, pp. 13–36. Springer, New York (2004)
Zhang, P., Peeta, S.: A generalized modelling framework to analyze interdependencies among infrastructure systems. Transp. Res. Part B: Methodol. 45(3), 553–579 (2011)
Zhang, P., Peeta, S.: Dynamic analysis of interdependent infrastructure systems. In: Proceedings of the 90th Annual Meeting of the Transportation Research Board, Washington, DC (CD-ROM) (2011)
Lee, E.E., Mitchell, J.E., Wallace, W.A.: Restoration of services in interdependent infrastructure systems: a network flows approach. IEEE Trans. Syst. Man Cybern. Part C Appl. Rev. 37(6), 1303–1317 (2007)
Svendsen, N.K., Wolthusen, S.D.: Connectivity models of interdependency in mixed-type critical infrastructure networks. Inf. Secur. Tech. Rep. 12(1), 44–55 (2007)
Ouyang, M., Duenas-Osorio, L.: An approach to design interface topologies across interdependent urban infrastructure systems. Reliab. Eng. Syst. Saf. 96(11), 1462–1473 (2011)
Becker, T., Nagel, C., Kolbe, T.H.: Integrated 3D modelling of multi-utility networks and their interdependencies for critical infrastructure analysis. In: Kolbe, T.H., König, G., Nagel, C. (eds.) Advancesin 3D Geo-Information Sciences. Lecture Notes in Geoinformation and Cartography. Springer, Heidelberg (2011). http://dx.doi.org/10.1007/978-3-642-12670-3_1
Bernhardt, K.L.S., McNeil, S.: Agent-based modeling: approach for improving infrastructure management. J. Infrastruct. Syst. 14(3), 253–261 (2008)
Brummitt, C.D., D’Souza, R.M., Leicht, E.A.: Suppressing cascades of load in interdependent networks. In: Proceedings of the National Academy of Sciences, vol. 109, no. 12 (2011)
Eusgeld, I., Nan, C.: Creating a simulation environment for critical infrastructure interdependencies study. In: Proceedings of the IEEE International Conference on Industrial Engineering and Engineering Management (IEEM), pp. 2104–2108 (2009)
Eusgeld, I., Nan, C., Dietz, S.: System-of systems approach for interdependent critical infrastructures. Reliab. Eng. Syst. Saf. 96, 679–686 (2011)
Polemi, D., Ntouskas, T., Georgakakis, E., Douligeris, C., Theoharidou, M., Gritzalis, D.: S-Port: collaborative security management of Port Information systems. In: 2013 Fourth International Conference on Information, Intelligence, Systems and Applications (IISA), vol. 1, no. 6, pp. 10–12 (2013)
Kotzanikolaou, P., Theoharidou, M., Gritzalis, D.: Interdependencies between critical infrastructures: analyzing the risk of cascading effects. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 104–115. Springer, Heidelberg (2013)
Acknowledgments
The authors are grateful to the E.C. Programme “Prevention, Preparedness and Consequence Management of Terrorism and other Security related Risks for the Period 2007–2013”. for their support in funding the CYSM and MEDUSA projects. The authors also thank all partners of CYSM (Port Institute for Studies and Co-Operation in the Valencian Region – FEPORTS, Singular Logic, Electrical, Electronics and Telecommunication Engineering and Naval Architecture Department (DITEN) - University of Genoa (UNIGE), University of Piraeus Research Centre, Piraeus Port Authority (PPA), Fundacion Valencia Port (VPF)) and Medusa (University of Piraeus Research Centre, Singular Logic, University of Cyprus (UCY), EUROPHAR EEIG, Austrian Institute of Technology) projects for their contributions.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Papastergiou, S., Polemi, N., Papagiannopoulos, I. (2015). Business and Threat Analysis of Ports’ Supply Chain Services. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2015. Lecture Notes in Computer Science(), vol 9190. Springer, Cham. https://doi.org/10.1007/978-3-319-20376-8_57
Download citation
DOI: https://doi.org/10.1007/978-3-319-20376-8_57
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20375-1
Online ISBN: 978-3-319-20376-8
eBook Packages: Computer ScienceComputer Science (R0)