Towards a Secure and Reliable IT-Ecosystem in Seaports

TL;DR

This paper analyzes security requirements in digitalized seaport workflows, decomposes them for individual actors, and proposes mechanisms to ensure overall system security and reliability.

Contribution

It introduces a systematic approach to decompose global security requirements into actor-specific obligations and presents mechanisms to secure complex port workflows.

Findings

Decomposition of security requirements enhances workflow security.

Proposed mechanisms improve trust and integrity in port operations.

Framework supports reliable and secure digital port ecosystems.

Abstract

Digitalization in seaports dovetails the IT infrastructure of various actors (e.g., shipping companies, terminals, customs, port authorities) to process complex workflows for shipping containers. The security of these workflows relies not only on the security of each individual actor but actors must also provide additional guarantees to other actors like, for instance, respecting obligations related to received data or checking the integrity of workflows observed so far. This paper analyses global security requirements (e.g., accountability, confidentiality) of the workflows and decomposes them - according to the way workflow data is stored and distributed - into requirements and obligations for the individual actors. Security mechanisms are presented to satisfy the resulting requirements, which together with the guarantees of all individual actors will guarantee the security of the overall workflow.