This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Discovering Attack Paths on Supply Chains Services
Maggioli Spa (MAG) in collaboration with Focal Point sprl (FP) and Hyperborea Srl (HYPER) is currently investigating, in the context of the CYRENE EU H2020 project, potential cyber attack paths on interconnected Critical Infrastructures (CIs) which operate for the provision of supply chain services. An attack path is performed when an adversary successfully exploits gradually a sequence of vulnerabilities (vulnerability chains) identified upon a number of interconnected assets of interdependent IT infrastructures aiming to infiltrate into critical systems of a supply chain service (SCS) and cause damage to them. In this manner, they may sabotage the normal operations of the services by taking advantage of them to conduct malicious actions or cause a data leak. This could considerably harm organizations involved that could even distort the entire supply chain service performance leading to serious consequences, such as financial loss or compromise of people’s privacy from data exposure.
To be able to tackle such events and improve the level of security on CIs, the technical aspects of attacks and adversaries’ behavior need to be highly analysed. In the frame of the CYRENE’s Risk and Conformity Assessment working procedures to promote a solution that evaluates the security, resilience, and reliability of SCS infrastructures, MAG along with FP and HYPER has delved into relevant and complex attack scenarios and developed an approach that measures the cascading effects on these infrastructures in view of an attack path implementation. As the next step, MAG is currently working on deploying an attack behavior simulation environment that will utilize the produced metrics to recognize attack patterns and provide forecasting capabilities related to attacks on SCS infrastructures. Through this environment, supply chain end-users will be allowed to experiment with different attack scenarios and review the results and the impact on their assets which are used for the SCS execution.
An attack graph discovery experience is loading . . . stay tuned!
So what do you think? Would your organization use the CYRENE Solution? Reach out to us and share your views either by using our contact form or by following our social media accounts on Twitter and LinkedIn.
Don’t forget to subscribe to our Newsletter for regular updates!
This blog is signed by: the MAG team
KEY FACTS
Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Email: info{at}cyrene.eu
Start: 1-10-2020
Duration: 36 months
Participating organisations: 14
Number of countries: 10
TWEETS by
Join @CYRENE_H2020 at the #CyberHOT #SummerSchool 2022 on September 29-30, 2022, under the auspices of the @nmiotc, and advance your #security knowledge to practical, effective #cyber incident expertise! Registrations are open:
Read More@CYRENE_H2020 partners gathered for their 6th plenary #meeting on Thursday the 16th and Friday the 17th of June 2022, in Chania, Greece. The consortium members took the chance to meet face-to-face for the first time! The meeting was hosted by #TSI
Read More📢New Blogpost! In this article, Dr. Sofia Karagiorgou from @UBITECH_GR explains the Multiple Visual Analytics over Dark Web and how this is utilized in CYRENE. Read the article here: #Cybersecurity #supplychains #supplychainmanagement #darkweb
Read MoreThere are several attacks regarding #IoT devices: Man-in-the-Middle Attacks, Eavesdropping, Firmware hijacking, DDoS, Physical tampering...We will try to detect some of them using the @CYRENE_H2020 integrated system in the next period setting the appropriate pilot cases
Read MoreFUNDING
This project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.