29 November 16

The MITIGATE methodology for risk assessment


The IT infrastructure of the maritime supply chain, and especially ports, is particularly vulnerable, because it is located at the intersection of information flows from many different users and countries, which on account of the continuously increasing digitization of business processes have to offer access and exchange capabilities for digital information. In order to ensure that these processes do not allow malware to shut down operations or allow manipulation of data for illegal purposes, a solution for identifying threats along the maritime supply chain is urgently needed.

The main goal of MITIGATE is the development of a cloudbased platform for the discovery of security gaps in the employed hardware and software. This software is based on a thorough analysis of user requirements, actual real-time threats and potential countermeasures. The open simulation environment enables the participating companies to collaborate on spotting and analyzing risk scenarios. This enables the parties to predict and avoid security risks in the most cost-effective manner.


MITIGATE will comprise simulation models, which will enable the production of timely, accurate, objective, reliable, relevant and high quality evidence, information, indicators and factors. The latter will empower a first-of-a-kind analy- sis and assessment of multi-dimensional risks, which is not possible nowadays.

The risk assessment itself follows a methodology that consists of six components:

In the Boundary Setting, scope and objectives of the supply chain risk assessment are defined. Therefore, single supply chain services with the adjoining processes and business partners have to be described. The Threat Analysis illustrates the overall threat scenario and conducts a first threat assessment by identifying individual cyber threats.

The Vulnerability Analysis describes all relevant kinds of vulnerabilities of the chosen supply chain service and assesses individual as well as cumulative vulnerabilities. Individual and cumulative impact on the defined assets are estimated in the Impact Analysis. A possible diffusion of the impact along the supply chain and through the partnering networks is considered.

The Risk Estimation does the same with a view to the specific assets and shows how possible attacks may influence and cause malfunction of single assets and their possible infection amongst each other.

The Mitigation Strategy ends the analysis of the risk assessment with providing a risk mitigation strategy. This result shall ensure that of all relevant risks in a specific supply chain service is taken appropriate care of to avoid damage to own and partner’s assets and the undisturbed function of the maritime supply chain.

For more info, please visit the web site of MITIGATE

Please download here the MITIGATE project newsletter Protecting Maritime Supply Chain IT Infrastructure

You might be interested in: