In recent years, the Netherlands Ministry of Defence (MoD) modelled, standardized, and digitally secured many of its organization-broad business processes. However, MoD experiences great difficulty in gaining insights in these processes and steering them productively. The novel business process analyses method Process Mining appeared to be a promising instrument. However, MoD lacks experience with process mining as a way to analyse and subsequently improve processes. In addition on how to apply process mining, MoD wants to learn the requirements for starting a process mining project. The thesis starts with a literature study on eight business process improvement methodologies (BPIs), viz. Lean, Six Sigma, Lean Six Sigma, Total Quality Management, Lean MRO, Total Productive Maintenance, Business Process Reengineering, and Business Process Improvement. These BPIs are compared with each other in an overview based on nine characteristics. Then, a ninth BPI is studied: process mining. The literature on this topic is scattered, but a study is conducted on several element. After that, pros and cons are discussed and process mining is placed in the overview of BPIs. A combination of desk and field research leads to the improvement of the best practise methodology PM2. And this improved methodology, called PM3, is further within MoD. Next to that, a process mining decision framework is developed according to the waterfall model. This framework can score business process models on several characteristics. The resulting total score determines whether process mining can successfully be applied to improve the process. For MoD, process mining can be a valuable instrument for improving processes. It can convert a gut feeling into clear numbers and models, which can form the start of an improvement project. It is thus recommended to make process mining available to the organisation. The thesis gives a good insight in the possibilities of process mining, but it also comes with several opportunities for future research. For example, PM3 has demonstrated itself in the field, but this have not yet led to measurable improvements (only important insights in the processes). Future research is required to verify its true potential. Second, the decision framework is tested by assessing fourteen of MoD’s processes and evaluated by discussion it with ten system experts. Yet again, empirical research is probably the only way to truly verify it, but this was not possible during the thesis. Third, both PM3 and the decision framework focus on MRO within MoD. It is unlikely that a change of domain or organisation makes a significant difference, but the possibility should be taken into account and further investigated. And finally, a significant limitation of the framework is that it only scores on process mining. So, if it presents a very low score, it does not suggest an alternative BPI. This fell outside the scope of the thesis, but is nevertheless an interesting research opportunity.

Container vessels arriving in a port before or after their scheduled time can cause problems in the container terminal planning and planning of hinterland transportation. This in turn leads to an increase of the costs in the supply chain. Vessels communicate their Estimated Time of Arrival via Automatic Idetification System(AIS) data to the port. This arrival time is estimated by the crew of the vessel and manually inputted into the AIS. In this research a proof of concept is shown that the Estimated Time of Arrival (ETA) prediction of container vessels can be improved. Vessels en route to the Port of Rotterdam are used as a case study. Different frameworks and algorithms are introduced to improve the data quality of AIS messages, to identify a set of possible routes and to do predictions based on the set of possible routes. It is possible to do predictions based on pre-processed AIS messages and a set of possible routes that perform at the same level as the best guess of a vessel’s crew.

Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In this thesis, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models which enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, we constructed a BN model to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between attacks and technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.@en

Currently, DDoS attacks have become inevitable for financial services and their threat keeps rising. Numerous researches have focused on the technical since the rise of DDoS amplification attacks. However, there is less understanding regarding their target selection on financial services. This research uses a mixed method approach to capture factors that influence cybercriminals in their selection of victims. Via data from amplification DDoS honeypots, various factors are identified and explanatory models are provided. In addition, financial cyber security experts are consulted to assess their perspective on target selection. The analysis demonstrates that certain countries have significantly higher or lower victims, which can partially be explained through country level factors such as the ICT development and Normal GDP Per capita. In addition, the ICT development influences the duration of the attack significantly. The findings also indicate that organizational size, as measured by market value, showed a limited effect on the number of attacks. Contrary, experts regarded the size as a highly influential factor. The analyses furthermore demonstrate that financial organisations incur significantly more attacks on Friday than on any other day. Moreover, the experts mention additional target selection factors such as, reputation, media attention, patching, having capable employees, and mitigation parties. Finally, this paper reflects on the implications of these findings for the financial sector and related sectors.

Nowadays, by using the new ICT technologies the functional efficiency of the Smart Grid is increased but at the same time leads to a more vulnerable system and makes the Smart Grid a potential target for cyber-attacks. In fact, cyber-attacks are becoming one of the most serious threats in critical infrastructures. More than 80% of energy companies dealt with a growth in the incidents of successful cyber-attacks in 2015 (Herring, 2016). These facts show the importance of investigating the impacts caused by cyber-attacks on the system, and the need for a systematic way to assess it. In order to gain insights into the degree of influence of cyber-attacks regarding the energy prices and the power demand, the objective of this thesis is to shed light on the impact of two types of cyber-attacks, targeting the signals along the communication link, on the normal behavior of the system and their influence on the behavior of consumers and utilities, when a price based Demand Response (DR) program is used.