Cyber risk assessment in the maritime transport sector: ships, ports and port systems

<p dir="ltr">Over the past few years, the Maritime Transport Sector (MTS) has undergone rapid digital transformation, reshaping its operational landscape. While this transition offers efficiency and performance benefits, it also introduces unprecedented cyber risks that challenge traditional maritime risk management frameworks. As ships and ports become more interconnected and reliant on information systems, safeguarding these digital environments becomes critical.<br>This thesis argues that effective and coherent cyber risk assessment in the MTS is best achieved through a vulnerability-centric, System-of-Systems Analysis (SoSA) of critical maritime assets. This central hypothesis is grounded in principles from risk governance (Renn, 2008) and socio-technical systems theory (Trist & Emery, 1973), which highlight the importance of integrating technological, organisational, and human factors in risk evaluation. The research further builds on the notion of “cyber-physical convergence” (Shah, 2019) to emphasise the need for sector-specific risk frameworks. The proposed cyber risk assessment approach should be informed by best practices and structured frameworks from both the maritime sector and analogous critical infrastructure domains (e.g. aviation and energy sectors; see ENISA, 2019; IMO, 2021).<br>A mixed-method approach underpins this thesis, combining qualitative case studies, policy review, and expert survey data. The epistemological stance taken is primarily pragmatist, seeking actionable insights that bridge academic analysis with practitioner needs. This allows the research to remain grounded in real-world challenges while contributing to academic theory on maritime cybersecurity.<br>Through its findings, the thesis introduces a holistic cyber risk assessment framework, providing dynamic insights into the vulnerability and resilience of the MTS’s most valuable assets—ships and ports. It aims to inform risk prioritisation, investment planning, and policy development within the sector.</p>