Modeling and analyzing cybersecurity risk propagation in ports using fuzzy cognitive maps: System sensitivity to key threat factors

IF 5.4 2区环境科学与生态学 Q1 OCEANOGRAPHY

Ocean & Coastal Management Pub Date : 2025-07-25 DOI:10.1016/j.ocecoaman.2025.107857

Omer Soner

{"title":"Modeling and analyzing cybersecurity risk propagation in ports using fuzzy cognitive maps: System sensitivity to key threat factors","authors":"Omer Soner","doi":"10.1016/j.ocecoaman.2025.107857","DOIUrl":null,"url":null,"abstract":"<div><div>The growing digital complexity of modern port ecosystems has introduced a multidimensional cybersecurity challenge—one that transcends isolated technical vulnerabilities and emerges from the interplay between infrastructure, human behavior, and institutional governance. This study addressed the urgent need for a systems-level approach to port cybersecurity risk analysis by leveraging Fuzzy Cognitive Mapping (FCM) as a structured and transparent modeling technique. Through expert-driven concept modeling and a quantitative analysis of influence dynamics, the FCM framework enabled the identification of high-impact components and the visualization of systemic interdependencies across 19 critical factors grouped into four risk domains. The separate application of scenario configurations and simulation procedures allowed for an in-depth exploration of how specific threats—such as insider activity or legacy system removal—affect the cybersecurity landscape. These analyses revealed that while modernization reduces technical vulnerabilities, it can unintentionally amplify risks rooted in policy gaps, organizational fragmentation, and user behavior. The core contribution of this study lies in its methodological integration of FCM and simulations to produce a scalable, decision-oriented tool for cybersecurity risk governance in ports. Overall, this research advances a practical, systems-oriented framework for identifying, understanding, and mitigating cyber risk in maritime infrastructure, enabling more strategic and resilient cybersecurity planning.</div></div>","PeriodicalId":54698,"journal":{"name":"Ocean & Coastal Management","volume":"270 ","pages":"Article 107857"},"PeriodicalIF":5.4000,"publicationDate":"2025-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ocean & Coastal Management","FirstCategoryId":"93","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0964569125003199","RegionNum":2,"RegionCategory":"环境科学与生态学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"OCEANOGRAPHY","Score":null,"Total":0}

引用次数: 0

Abstract

The growing digital complexity of modern port ecosystems has introduced a multidimensional cybersecurity challenge—one that transcends isolated technical vulnerabilities and emerges from the interplay between infrastructure, human behavior, and institutional governance. This study addressed the urgent need for a systems-level approach to port cybersecurity risk analysis by leveraging Fuzzy Cognitive Mapping (FCM) as a structured and transparent modeling technique. Through expert-driven concept modeling and a quantitative analysis of influence dynamics, the FCM framework enabled the identification of high-impact components and the visualization of systemic interdependencies across 19 critical factors grouped into four risk domains. The separate application of scenario configurations and simulation procedures allowed for an in-depth exploration of how specific threats—such as insider activity or legacy system removal—affect the cybersecurity landscape. These analyses revealed that while modernization reduces technical vulnerabilities, it can unintentionally amplify risks rooted in policy gaps, organizational fragmentation, and user behavior. The core contribution of this study lies in its methodological integration of FCM and simulations to produce a scalable, decision-oriented tool for cybersecurity risk governance in ports. Overall, this research advances a practical, systems-oriented framework for identifying, understanding, and mitigating cyber risk in maritime infrastructure, enabling more strategic and resilient cybersecurity planning.

查看原文本刊更多论文

使用模糊认知图建模和分析港口网络安全风险传播：系统对关键威胁因素的敏感性

现代港口生态系统日益增长的数字复杂性带来了多维度的网络安全挑战，这一挑战超越了孤立的技术漏洞，并从基础设施、人类行为和机构治理之间的相互作用中浮现出来。本研究通过利用模糊认知映射（FCM）作为一种结构化和透明的建模技术，解决了港口网络安全风险分析的系统级方法的迫切需求。通过专家驱动的概念建模和影响动态的定量分析，FCM框架能够识别高影响成分，并可视化分为四个风险域的19个关键因素之间的系统相互依赖性。场景配置和模拟过程的单独应用允许深入探索特定威胁（如内部活动或遗留系统移除）如何影响网络安全环境。这些分析表明，虽然现代化减少了技术漏洞，但它可能无意中放大了植根于政策差距、组织分裂和用户行为的风险。本研究的核心贡献在于其将FCM和模拟的方法集成，为港口网络安全风险治理提供了可扩展的、面向决策的工具。总体而言，本研究提出了一个实用的、面向系统的框架，用于识别、理解和减轻海上基础设施中的网络风险，从而实现更具战略性和弹性的网络安全规划。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Ocean & Coastal Management 环境科学-海洋学

CiteScore

8.50

自引率

15.20%

发文量

321

审稿时长

60 days

期刊介绍： Ocean & Coastal Management is the leading international journal dedicated to the study of all aspects of ocean and coastal management from the global to local levels. We publish rigorously peer-reviewed manuscripts from all disciplines, and inter-/trans-disciplinary and co-designed research, but all submissions must make clear the relevance to management and/or governance issues relevant to the sustainable development and conservation of oceans and coasts. Comparative studies (from sub-national to trans-national cases, and other management / policy arenas) are encouraged, as are studies that critically assess current management practices and governance approaches. Submissions involving robust analysis, development of theory, and improvement of management practice are especially welcome.