{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T19:19:30Z","timestamp":1775589570029,"version":"3.50.1"},"reference-count":29,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2023,6,27]],"date-time":"2023-06-27T00:00:00Z","timestamp":1687824000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Comput. Sci."],"abstract":"<jats:p>This paper argues that small and medium sized ports (SMPs) are as important as larger ones in terms of supply chain service (SCS) management and security, as they can become the weakest links for national and European Union (EU) resilience and security. It focuses on explaining key concepts about SMPs, their characteristics (e.g., size, operational field, infrastructure), potential threats (e.g., interception of sensitive information, illegal access, terrorism) and attacks (cyber, cyber-physical), as well as basic security concepts (e.g., attack path, attack vector, risk). Three SCS attack scenarios for SMPs are described based on different types of threats, which could cause catastrophic impacts, even paralyzing an SMP propagated in its SCS. Finally, a risk management methodology for SCSs that can be used by SMPs, named CYSMET, is presented considering their capabilities, needs and constraints.<\/jats:p>","DOI":"10.3389\/fcomp.2023.1156726","type":"journal-article","created":{"date-parts":[[2023,6,27]],"date-time":"2023-06-27T07:04:45Z","timestamp":1687849485000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Securing small and medium ports and their supply chain services"],"prefix":"10.3389","volume":"5","author":[{"given":"Pinelopi","family":"Kyranoudi","sequence":"first","affiliation":[]},{"given":"Nineta","family":"Polemi","sequence":"additional","affiliation":[]}],"member":"1965","published-online":{"date-parts":[[2023,6,27]]},"reference":[{"key":"B1","unstructured":"EBIOS Risk Manager \u2013 The Method2019"},{"key":"B2","doi-asserted-by":"publisher","first-page":"764","DOI":"10.3390\/jcp2040039","article-title":"Detection of SQL injection attack using machine learning techniques: a systematic literature review","volume":"2","author":"Alghawazi","year":"2022","journal-title":"J. Cybersecur. Privacy"},{"key":"B3","unstructured":"Glossary"},{"key":"B4","unstructured":"European Port Governance Report of an Enquiry into the Current Governance of European Seaports. The ESPO Fact-Finding Report2010"},{"key":"B5","unstructured":"Cyber Security Aspects in the Maritime Sector2011"},{"key":"B6","unstructured":"Port Cybersecurity \u2013 Good Practices for Cybersecurity in the Maritime Sector2019"},{"key":"B7","unstructured":"Guidelines \u2013 Cyber Risk Management for Ports2020"},{"key":"B8","unstructured":"ENISA Threat Landscape 20222022"},{"key":"B9","doi-asserted-by":"crossref","unstructured":"Common Vulnerability Scoring System v3.1: User Guide2019","DOI":"10.1109\/CANDAR.2018.00009"},{"key":"B10","volume-title":"Research for REGI Committee \u2013 Islands of the European Union: State of Play and Future Challenges","author":"Haase","year":"2021"},{"key":"B11","unstructured":"International Ship and Port Facility Security Code (ISPS Code)2004"},{"key":"B12","unstructured":"International Maritime Dangerous Goods (IMDG) Code \u2013 Corrigenda2022"},{"key":"B13","unstructured":"ISO 28001:2007 Security Management Systems for the Supply Chain \u2013 Best Practices for Implementing Supply Chain Security, Assessments and Plans Requirements and Guidance2007"},{"key":"B14","unstructured":"ISO\/IEC 27032:2012 Information Technology \u2013 Security Techniques Guidelines for Cybersecurity2012"},{"key":"B15","unstructured":"ISO\/IEC 27005:2018 Information Technology \u2013 Security Techniques \u2013 Information Security Risk Management2018"},{"key":"B16","unstructured":"ISO\/IEC 27001 and Related Standards - Information Security Management"},{"key":"B17","unstructured":"ISO\/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection \u2013 Information Security Management Systems \u2013 Requirements2022"},{"key":"B18","unstructured":"ISO\/IEC 27002:2022 Information Security, Cybersecurity and Privacy Protection \u2014 Information Security Controls2022"},{"key":"B19","unstructured":"ISO\/IEC 27000:2018 Information Technology \u2013 Security Techniques \u2013 Information Security Management Systems \u2013 Overview and Vocabulary2018"},{"key":"B20","unstructured":"A cluster initiative: Small and Medium Sized Ports as Hubs for Smart Growth and Sustainable Connectivity. 2 Seas Magazine2014"},{"key":"B21","doi-asserted-by":"crossref","first-page":"905","DOI":"10.1016\/B978-0-12-394397-2.00053-2","article-title":"\u201cRisk management,\u201d","volume-title":"Computer and Information Security Handbook","author":"Katsikas","year":"2013"},{"key":"B22","first-page":"1","article-title":"\u201cCybersecurity certification requirements for supply chain services,\u201d","volume-title":"IEEE Symposium on Computers and Communications (ISCC)","author":"Kyranoudi","year":"2021"},{"key":"B23","unstructured":"2022"},{"key":"B24","first-page":"219","article-title":"\u201cCYSM: an innovative physical\/cyber security management system for ports,\u201d","volume-title":"Human Aspects of Information Security, Privacy, and Trust. HAS 2015. Lecture Notes in Computer Science","author":"Papastergiou","year":"2015"},{"key":"B25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1504\/ijcis.2018.090647","article-title":"Design and validation of the Medusa supply chain risk assessment methodology and system","volume":"14","author":"Papastergiou","year":"2018","journal-title":"Int. J. Crit. Infrastruct."},{"key":"B26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s12198-018-0195-z","article-title":"MITIGATE: a dynamic supply chain cyber risk assessment methodology","volume":"12","author":"Schauer","year":"2019","journal-title":"J. Transp. Secur"},{"key":"B27","unstructured":"Good Practice Guide \u2013 Cyber Security for Ports and Port Systems2020"},{"key":"B28","unstructured":"Threat Modeling2023"},{"key":"B29","unstructured":"Port Security: A National Planning Guide1997"}],"container-title":["Frontiers in Computer Science"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fcomp.2023.1156726\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T03:49:08Z","timestamp":1729655348000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fcomp.2023.1156726\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,27]]},"references-count":29,"alternative-id":["10.3389\/fcomp.2023.1156726"],"URL":"https:\/\/doi.org\/10.3389\/fcomp.2023.1156726","relation":{},"ISSN":["2624-9898"],"issn-type":[{"value":"2624-9898","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,27]]},"article-number":"1156726"}}