...
Vulnerability | Threat-source | Threat Action | Category of Harm | Likelihood of Harm | Impact of Harm |
---|---|---|---|---|---|
Impersonation in e-logbook transactions | Disgruntled industry employee | Impersonation using stolen identity credentials | Inconvenience, distress or damage to standing or reputation | Moderate: an employee might have the means, motive, and opportunity, but risk exposure is not significantly different in electronic transactions than it is in paper transactions | Low: impersonated parties would be likely to notice and when detected, the impact could be effectively mitigated |
" | " | " | Unauthorized release of sensitive information | Low: the employee with the means and opportunity already has access to sensitive information and is unlikely to find anything more interesting in e-logbook data | Low: the impact would be limited to the party whose identity has been stolen |
Impersonation in e-logbook transactions | Competitor | Impersonation using stolen identity credentials | Inconvenience, distress or damage to standing or reputation | Low: a competitor might have a motive, but an electronic system makes them less likely to have means or opportunity. Risk exposure is reduced significantly in electronic transactions versus paper transactions. | Low: impersonated parties would be likely to notice during dockside interview process and subsequent data review, and when detected, the impact could be effectively mitigated |
" | " | " | Unauthorized release of sensitive information | Low: risk of release of sensitive information is not significantly different than with a paper logbook | Low: the impact would be limited to the party whose physical media has been stolen |
Repudiation to escape accountability | Customer (fisher) | Signer claims "I didn't sign that" | Inconvenience, distress or damage to standing or reputation | Low: in most cases a customer who repudiated an e-logbook submission could then be prosecuted for fishing without reporting. There will generally be independent evidence of the fishing or processing activity (follow the fish, and also follow the VMS track). | Low: agency might expend effort to resolve, but the distress would be limited and short-term |
Lines below are placeholders for possible further work | | | | | |
 | | | Inconvenience, distress or damage to standing or reputation | | |
 | | | Financial loss or agency liability | | |
 | | | Harm to agency programs or public interest | | |
 | | | Unauthorized release of sensitive information | | |
 | | | Civil or criminal violations | | |