Marine ports are critical elements of the global supply chain and maritime transportation sector, facilitating the transportation of goods, energy, and information across the globe. Ports as part of the critical infrastructure sector, experience rapid transformation driven by digitalization, sustainability requirements and the need for the reduction of carbon emissions and environmental impact. This has led to the intensified exposure of ports to multiple and diverse cyber threats stemming from the vulnerabilities and the wider attack surface created through the integration of operational technologies (OT) with information technologies (IT) and the development of more efficient but complex cyber- physical systems. Ports now face a growing threat landscape where cyber attacks can disrupt both digital systems and infrastructure as well as physical operations, leading to cascading effects on international trade and economic stability. This article explores the imperative of strengthening port resilience through comprehensive cyber physical security assessment. It presents a case study of a cyber attack on a cold iron plant—a facility that supplies shore-side electrical power to docked ships—highlighting how a targeted breach led to operational paralysis and safety hazards. Using bow tie analysis, the study maps the causal pathways from threat sources to consequences, identifying critical barriers and recovery measures. This method provides a structured framework for visualizing risk scenarios and enhancing decision-making in security planning. By examining the intersection of digitalization and physical infrastructure in marine ports, the article underscores the need for proactive security strategies that bridge cyber and physical domains. It advocates for the adoption of integrated assessment models that not only detect vulnerabilities but also quantify potential impacts and guide mitigation efforts. Ultimately, enhancing port resilience requires a paradigm shift—from reactive cybersecurity to holistic cyber physical security governance—ensuring that ports remain robust, adaptive, and secure in the face of increasingly sophisticated cyber threats. 

Ports; OT; IT; Resilience; Cyber physical security assessment; Cold iron plant; Bow Tie Analysis

Progoulakis, Iosif, Nikitas Nikitakos, Dimitrios Dalaklis, Andreas Christodoulou, Andreas Dalaklis, and Razali Yaacob. “Digitalization and Cyber Physical Security Aspects in Maritime Transportation and Port Infrastructure.” In Smart Ports and Robotic Systems, edited by T. M. Johansson, D. Dalaklis, J. E. Fernández, A. Pastra, and M. Lennan, 229–248. Studies in National Governance and Emerging Technologies. Cham: Palgrave Macmillan, 2023. https://doi.org/10.1007/978-3-031-25296-9_12

Tijan, Edvard, Maja Jović, Siniša Aksentijević, and Andreja Pucihar. “Digital Transformation in the Maritime Transport Sector.” Technological Forecasting and Social Change 170 (2021): 120879.

Papageorgiou, Michael. “Digital Transformation in the Shipping Industry Is Here.” NAFS: Bimonthly Review for the Shipping Industry, 2020.

France Cyber Maritime. ADMIRAL Dataset: Detailed Maritime Cybersecurity Statistics for Port, accessed November 25, 2025. https://www.m-cert.fr/admiral/Port.html

Clavijo Mesa, María V., Carlos E. Patino-Rodriguez, and Freddy J. Guevara Carazas. “Cybersecurity at Sea: A Literature Review of Cyber-Attack Impacts and Defenses in Maritime Supply Chains.” Information 15, no. 11 (2024): 710. https://doi.org/10.3390/info15110710

European Union Agency for Cybersecurity (ENISA). Port Cybersecurity – Good Practices for Cybersecurity in the Maritime Sector. Athens: ENISA, 2019. https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector

European Union Agency for Cybersecurity (ENISA). Guidelines – Cyber Risk Management for Ports. Athens: ENISA, 2020. https://www.enisa.europa.eu/publications/guidelines-cyber-risk-management-for-ports

Argyriou, Ioannis, and Theocharis Tsoutsos. "Assessing Critical Entities: Risk Management for IoT Devices in Ports." Journal of Marine Science and Engineering 12, no. 9 (2024): 1593. https://doi.org/10.3390/jmse12091593

Häyhtiö, Markus, and Klaus Zaerens. "A Comprehensive Assessment Model for Critical Infrastructure Protection." Management and Production Engineering Review 8, no. 4 (2017): 42–53. https://doi.org/10.1515/mper-2017-0035

Alidoosti, Ali, Morteza Yazdani, Mohammad Majid Fouladgar, and Mohammad Hossein Basiri. "Risk Assessment of Critical Asset Using Fuzzy Inference System." Risk Management 14 (2012): 77–91. https://doi.org/10.1057/rm.2011.19

Lewis, Ted G., Thomas J. Mackin, and Rudy Darken. "Critical Infrastructure as Complex Emergent Systems." International Journal of Cyber Warfare and Terrorism 1, no. 1 (2011): 1–12. https://hdl.handle.net/10945/45469

Taquelchel, Eric F., and Ted G. Lewis. "A Right-Brained Approach to Critical Infrastructure Protection Theory in Support of Strategy and Education: Deterrence, Networks, Resilience, and 'Antifragility'." Homeland Security Affairs 13 (2017): 50–83. https://www.hsaj.org/articles/14087

Ivanc, Blaž, and Tomaž Klobučar. "Attack Modeling in the Critical Infrastructure/Modeliranje napadov v kriticni infrastrukturi." Elektrotehniški Vestnik 81, no. 5 (2014): 285–292.

Alderson, David L., Gerald G. Brown, W. Matthew Carlyle, and R. Kevin Wood. Solving Defender-Attacker-Defender Models for Infrastructure Defense. Monterey, CA: Naval Postgraduate School, Department of Operations Research, 2011.

Ouyang, Min. "Critical Location Identification and Vulnerability Analysis of Interdependent Infrastructure Systems under Spatially Localized Attacks." Reliability Engineering & System Safety 154 (2016): 106–116. https://doi.org/10.1016/j.ress.2016.05.007

Augutis, Juozas, Benas Jokšas, Riĉardas Krikštolaitis, and Rolandas Urbonas. "The Assessment Technology of Energy Critical Infrastructure." Applied Energy 162 (2016): 1494–1504. https://doi.org/10.1016/j.apenergy.2015.02.065

Taquelchel, Eric F., and Ted G. Lewis. "How to Quantify Deterrence and Reduce Critical Infrastructure Risk." Homeland Security Affairs 8 (2012): 1–28. https://www.hsaj.org/articles/226

Karantjias, Athanasios, Nineta Polemi, and Spyridon Papastergiou. "Advanced Security Management System for Critical Infrastructures." In Proceedings of the IISA 2014, 291–297. Chania, Greece, July 7–9, 2014.

Valencia, Vhance V., and Alfred E. Thal Jr. "Applying the Model-Based Vulnerability Assessment Technique to Interdependent Infrastructures." In Proceedings of the IIE Annual Conference, Orlando, Florida, USA, May 19–23, 2012.

Wu, Baichao, Aiping Tang, and Jie Wu. "Modeling Cascading Failures in Interdependent Infrastructures under Terrorist Attacks." Reliability Engineering & System Safety 147 (2016): 1–8. https://doi.org/10.1016/j.ress.2015.10.017

Oruc, A., G. Kavallieratos, V. Gkioulos, and S. Katsikas. "Cyber Risk Assessment for SHips (CRASH)." International Journal on Marine Navigation and Safety of Sea Transportation 18, no. 1 (2023): 115–124. https://doi.org/10.12716/1001.18.01.10

Bolbot, Victor, Gerasimos Theotokatos, Evangelos Boulougouris, and Dracos Vassalos. "A Novel Cyber-Risk Assessment Method for Ship Systems." Safety Science 131 (2020): 104908. https://doi.org/10.1016/j.ssci.2020.104908

Tatar, Unal, Bilge Karabacak, Omer F. Keskin, and Dominick P. Foti. "Charting New Waters with CRAMMTS: A Survey-Driven Cybersecurity Risk Analysis Method for Maritime Stakeholders." Computers & Security 145 (2024): 104015. https://doi.org/10.1016/j.cose.2024.104015

Kapalidis, Chronis, Stavros Karamperidis, Tim Watson, and Georgios Koligiannis. "A Vulnerability Centric System of Systems Analysis on the Maritime Transportation Sector Most Valuable Assets: Recommendations for Port Facilities and Ships." Journal of Marine Science and Engineering 10, no. 10 (2022): 1486. https://doi.org/10.3390/jmse10101486

van Staalduinen, Mark Adrian, Faisal Khan, and Veeresh Gadag. "SVAPP Methodology: A Predictive Security Vulnerability Assessment Modeling Method." Journal of Loss Prevention in the Process Industries 43 (2016): 397–413. https://doi.org/10.1016/j.jlp.2016.06.017

Marszal, Edward M., and James McGlone. Security PHA Review for Consequence-Based Cybersecurity. Research Triangle Park, NC: International Society of Automation (ISA), 2019.

Ginter, Andrew. Engineering-Grade OT Security: A Manager’s Guide. Calgary, AB: Abterra Technologies Inc., 2023.

Baybutt, Paul. "Cyber Security Risk Analysis for Process Control Systems Using Rings of Protection Analysis (ROPA)." Process Safety Progress 23, no. 4 (2004): 284–291.

American Institute of Chemical Engineers. Center for Chemical Process Safety. Bow Ties in Risk Management: A Concept Book for Process Safety. Hoboken, NJ: John Wiley & Sons, Inc., 2018.

Progoulakis, Iosif, Nikitas Nikitakos, Dimitrios Dalaklis, and Razali Yaacob. "Cyber-Physical Security for Ports Infrastructure." Paper presented at the International Maritime and Logistics Conference “Marlog 11,” Alexandria, Egypt, March 20–22, 2022. Malmö: World Maritime University, 2022. https://commons.wmu.se/lib_papers/10/

Nganga, Allan, Joel Scanlan, Margareta Lützhöft, and Steven Mallam. "Enabling Cyber Resilient Shipping through Maritime Security Operation Center Adoption: A Human Factors Perspective." Applied Ergonomics 119 (2024): 104312. https://doi.org/10.1016/j.apergo.2024.104312