Cyber risk communication during vessel incident management: A case study

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-07-18 DOI:10.1016/j.cose.2025.104607

Allan Nganga , Joel Scanlan , Margareta Lützhöft , Steven Mallam

{"title":"Cyber risk communication during vessel incident management: A case study","authors":"Allan Nganga , Joel Scanlan , Margareta Lützhöft , Steven Mallam","doi":"10.1016/j.cose.2025.104607","DOIUrl":null,"url":null,"abstract":"<div><div>The maritime cyber risk management guidelines developed by the International Maritime Organisation (IMO) highlight communication as a key aspect of the risk management process. This research sought to build upon previous studies highlighting incident communication as a critical part of the ship-to-SOC cyber incident management process. This research adopted a single case study-mixed methods design (CS-MM) featuring a primary case study that includes a nested mixed methods approach. The site for the case study was an M-SOC. The first phase of the case study involved interviews with 5 M-SOC personnel. For the second phase, an exploratory sequential design was applied. The quantitative data collection involved a survey with 10 vessel Information Technology (IT) and Operational Technology (OT) professionals, with 3 follow-up interviews conducted for the qualitative data collection stage. Our findings highlighted how a cyber incident dashboard and alert report complement each other in creating a shared recognised cyber picture (sRCP) between all the vessel incident management stakeholders. The sRCP, therefore, becomes the actionable element of the communication. The case study also sheds light on practical design considerations for enhancing the cyber situation awareness (CSA) of vessel cyber incident dashboards. Specifically, survey results revealed that highlighting the cyber risk of non-response to a security warning was the highest-ranked contextual information. Additionally, detection of potentially suspicious activity emerged as the risk finding that vessel IT teams highlighted as having the highest notification priority. Finally, the top alert grouping approaches were by warning type and by priority.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104607"},"PeriodicalIF":5.4000,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825002962","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The maritime cyber risk management guidelines developed by the International Maritime Organisation (IMO) highlight communication as a key aspect of the risk management process. This research sought to build upon previous studies highlighting incident communication as a critical part of the ship-to-SOC cyber incident management process. This research adopted a single case study-mixed methods design (CS-MM) featuring a primary case study that includes a nested mixed methods approach. The site for the case study was an M-SOC. The first phase of the case study involved interviews with 5 M-SOC personnel. For the second phase, an exploratory sequential design was applied. The quantitative data collection involved a survey with 10 vessel Information Technology (IT) and Operational Technology (OT) professionals, with 3 follow-up interviews conducted for the qualitative data collection stage. Our findings highlighted how a cyber incident dashboard and alert report complement each other in creating a shared recognised cyber picture (sRCP) between all the vessel incident management stakeholders. The sRCP, therefore, becomes the actionable element of the communication. The case study also sheds light on practical design considerations for enhancing the cyber situation awareness (CSA) of vessel cyber incident dashboards. Specifically, survey results revealed that highlighting the cyber risk of non-response to a security warning was the highest-ranked contextual information. Additionally, detection of potentially suspicious activity emerged as the risk finding that vessel IT teams highlighted as having the highest notification priority. Finally, the top alert grouping approaches were by warning type and by priority.

查看原文本刊更多论文

船舶事故管理中的网络风险沟通：案例研究

国际海事组织（IMO）制定的海上网络风险管理指南强调，沟通是风险管理过程的一个关键方面。本研究试图建立在先前研究的基础上，强调事件通信是船舶到soc网络事件管理过程的关键部分。本研究采用单一案例研究-混合方法设计（CS-MM），主要案例研究包括嵌套混合方法方法。案例研究的地点是M-SOC。案例研究的第一阶段包括对5名M-SOC人员的采访。第二阶段，采用探索性顺序设计。定量数据收集包括对10名船舶信息技术（IT）和操作技术（OT）专业人员的调查，并在定性数据收集阶段进行了3次后续访谈。我们的研究结果强调了网络事件仪表板和警报报告如何在所有船舶事件管理利益相关者之间创建共享的可识别网络图片（sRCP）方面相互补充。因此，sRCP成为通信的可操作元素。该案例研究还揭示了增强船舶网络事件仪表板的网络态势感知（CSA）的实际设计考虑因素。具体而言，调查结果显示，强调不响应安全警告的网络风险是排名最高的上下文信息。此外，检测潜在的可疑活动成为风险发现，船舶IT团队强调具有最高的通知优先级。最后，根据预警类型和优先级进行预警分组。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.