Using a Proposed Risk Computation Procedure and Bow-Tie Diagram as a Method for Maritime Security Assessment

Abstract

Terrorism, piracy, robbery, and cyber-threats on ships and at port facilities, as well as smuggling and drug trafficking through cargo and containers, are some of the international security problems for which national maritime security services must provide solutions. Cyber-attack is considered particularly important as it can be combined with all the other security vulnerabilities in the shipping industry. There is no extensive and in-depth literature for the risk acceptance criteria concerning maritime security. Basic information is drawn from other areas, such as civil aviation. It is necessary to standardize these criteria, as is the case with formal safety assessment, where practitioners know how to gather information, to make comparisons with previous experience, and to make decisions that are often based on experience from the past. The aim of the present study is to address the issue of maritime security through the development of a method applicable to the maritime industry that evaluates and manages maritime security-related risks. Security cost-benefit analysis and decision-making procedures will be required in the future. The proposed method uses the bow-tie diagram tool for the estimation of risk. A risk computation procedure is described after the application of a set of prevention barriers, which is based mainly on the accuracy of the definition of the probability and the contribution of each threat, as well as the accuracy of estimation of the effectiveness value of each prevention barrier for the same threat as defined by the user. Similarly, the risk computation for each consequence, after the application of a set of mitigation barriers, is based mainly on the accuracy of the definition of the risk value of each consequence as well as on the accuracy of the estimation of the effectiveness value of each mitigation barrier for the same consequence as defined by the user. The results of the risk computation appear in the bow-tie diagram providing a colored scheme of the risk values obtained for the top event and consequences after the introduction of the necessary prevention and mitigation barriers.Terrorism, piracy, robbery, cyber-threats, smuggling and drug trafficking etc., are some of the international security problems due to which the national maritime security services must provide solutions. There is no extensive literature for the risk acceptance criteria concerning maritime security and basic information is drawn from other areas. The aim of the proposed study is to develop a method applicable to the maritime industry that evaluates and manages maritime security related risks in a case of cyber-security. Security Cost-Benefit Analysis and Decision Making procedure will be required in the future. The proposed method uses the Bow-Tie diagram tool for the estimation of the risk. A risk computation procedure is described after the application of prevention barriers, which is based mainly on the accuracy of the definition of the Probability Pi and the Contribution Ci of each Threat ( i) as well as on the accuracy of the estimation of the Effectiveness value Eij, of each Prevention Barrier ( j) for the same defined Threat ( i), by the user. Similarly, the risk computation for each consequence, after the application of mitigation barriers, is based mainly on the accuracy of the definition of the Risk Value RVi of each Consequence ( i) as well as on the accuracy of the estimation of the Effectiveness value Eij, of each Mitigation Barrier ( j) for the same defined Consequence ( i), by the user. The results of the risk computation appear in the Bow-Tie diagram providing a coloured scheme of the obtained risk values for top event and consequences.