Modeling and Analyzing Cybersecurity Risk Propagation in Ports Using Fuzzy Cognitive Maps: System Sensitivity to Key Threat Factors

Abstract

The growing digital complexity of modern port ecosystems has introduced a multidimensional cybersecurity challenge-one that transcends isolated technical vulnerabilities and emerges from the interplay between infrastructure, human behavior, and institutional governance. This study addressed the urgent need for a systems-level approach to port cybersecurity risk analysis by leveraging Fuzzy Cognitive Mapping (FCM) as a structured and transparent modeling technique. Through expert-driven concept modeling and a quantitative analysis of influence dynamics, the FCM framework enabled the identification of high-impact components and the visualization of systemic interdependencies across 19 critical factors grouped into four risk domains. The separate application of scenario configurations and simulation procedures allowed for an in-depth exploration of how specific threats-such as insider activity or legacy system removal-affect the cybersecurity landscape. These analyses revealed that while modernization reduces technical vulnerabilities, it can unintentionally amplify risks rooted in policy gaps, organizational fragmentation, and user behavior. The core contribution of this study lies in its methodological integration of FCM and simulations to produce a scalable, decision-oriented tool for cybersecurity risk governance in ports. Overall, this research advances a practical, systems-oriented framework for identifying, understanding, and mitigating cyber risk in maritime infrastructure, enabling more strategic and resilient cybersecurity planning.