Maritime decision-makers and cyber security: deck officers’ perception of cyber risks towards IT and OT systems

IF 2.4 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Information Security Pub Date : 2024-02-02 DOI:10.1007/s10207-023-00810-y

{"title":"Maritime decision-makers and cyber security: deck officers’ perception of cyber risks towards IT and OT systems","authors":"","doi":"10.1007/s10207-023-00810-y","DOIUrl":null,"url":null,"abstract":"<h3>Abstract</h3> <p>Through a quantitative study of deck officers’ cyber risk perceptions towards information (IT) and operational (OT) systems, this paper contributes to substantiate the importance of considering human behaviour within maritime cyber security. Using survey data from 293 deck officers working on offshore vessels, statistical analyses were conducted to measure and predict the participants cyber risk perceptions towards IT and OT systems. Performing a Wilcoxon signed-rank test revealed a significant discrepancy in the levels of cyber risk perception between the system categories. Hierarchical regression analyses were conducted to develop statistical models, considering multiple independent variables, including perceived benefit, cyber security training, experience with cyber-attacks, and trust towards various stakeholders. Key findings revealed distinct results for IT and OT systems, and the regression models varied in both predictive power and significance of the independent variables. Perceived benefit positively predicts deck officers cyber risk perception for both IT and OT systems, while trust, which included measures of social trust and confidence, was not found to be significant. Cyber security training and experience with cyber-attacks only influence deck officers’ perception of cyber risks related to operational technology. Practical implications of this work provide actionable recommendations for the maritime industry, including tailored risk communication tools, training programs, reporting systems, and holistic policies.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"17 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-02-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-023-00810-y","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Through a quantitative study of deck officers’ cyber risk perceptions towards information (IT) and operational (OT) systems, this paper contributes to substantiate the importance of considering human behaviour within maritime cyber security. Using survey data from 293 deck officers working on offshore vessels, statistical analyses were conducted to measure and predict the participants cyber risk perceptions towards IT and OT systems. Performing a Wilcoxon signed-rank test revealed a significant discrepancy in the levels of cyber risk perception between the system categories. Hierarchical regression analyses were conducted to develop statistical models, considering multiple independent variables, including perceived benefit, cyber security training, experience with cyber-attacks, and trust towards various stakeholders. Key findings revealed distinct results for IT and OT systems, and the regression models varied in both predictive power and significance of the independent variables. Perceived benefit positively predicts deck officers cyber risk perception for both IT and OT systems, while trust, which included measures of social trust and confidence, was not found to be significant. Cyber security training and experience with cyber-attacks only influence deck officers’ perception of cyber risks related to operational technology. Practical implications of this work provide actionable recommendations for the maritime industry, including tailored risk communication tools, training programs, reporting systems, and holistic policies.

查看原文本刊更多论文

海事决策者与网络安全：甲板军官对 IT 和 OT 系统网络风险的看法

摘要本文通过对甲板人员对信息（IT）和操作（OT）系统的网络风险认知进行定量研究，证明了在海事网络安全中考虑人类行为的重要性。利用对 293 名在近海船舶上工作的甲板军官的调查数据，进行了统计分析，以衡量和预测参与者对 IT 和 OT 系统的网络风险认知。Wilcoxon 符号秩检验显示，系统类别之间的网络风险认知水平存在显著差异。考虑到多个自变量，包括感知收益、网络安全培训、网络攻击经验和对各利益相关者的信任，进行了层次回归分析，以建立统计模型。主要研究结果显示，IT 和 OT 系统的结果截然不同，回归模型对自变量的预测能力和显著性也各不相同。对 IT 和 OT 系统而言，"感知到的利益 "对甲板干事的网络风险感知有积极的预测作用，而包括社会信任和信心测量在内的 "信任 "则没有显著性。网络安全培训和网络攻击经验只影响甲板军官对操作技术相关网络风险的感知。这项工作的实际意义为海运业提供了可操作的建议，包括量身定制的风险交流工具、培训计划、报告系统和整体政策。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Information Security 工程技术-计算机：理论方法

CiteScore

6.30

自引率

3.10%

发文量

审稿时长

12 months

期刊介绍： The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.