This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Discovering Attack Paths on Supply Chains Services
Maggioli Spa (MAG) in collaboration with Focal Point sprl (FP) and Hyperborea Srl (HYPER) is currently investigating, in the context of the CYRENE EU H2020 project, potential cyber attack paths on interconnected Critical Infrastructures (CIs) which operate for the provision of supply chain services. An attack path is performed when an adversary successfully exploits gradually a sequence of vulnerabilities (vulnerability chains) identified upon a number of interconnected assets of interdependent IT infrastructures aiming to infiltrate into critical systems of a supply chain service (SCS) and cause damage to them. In this manner, they may sabotage the normal operations of the services by taking advantage of them to conduct malicious actions or cause a data leak. This could considerably harm organizations involved that could even distort the entire supply chain service performance leading to serious consequences, such as financial loss or compromise of people’s privacy from data exposure.
To be able to tackle such events and improve the level of security on CIs, the technical aspects of attacks and adversaries’ behavior need to be highly analysed. In the frame of the CYRENE’s Risk and Conformity Assessment working procedures to promote a solution that evaluates the security, resilience, and reliability of SCS infrastructures, MAG along with FP and HYPER has delved into relevant and complex attack scenarios and developed an approach that measures the cascading effects on these infrastructures in view of an attack path implementation. As the next step, MAG is currently working on deploying an attack behavior simulation environment that will utilize the produced metrics to recognize attack patterns and provide forecasting capabilities related to attacks on SCS infrastructures. Through this environment, supply chain end-users will be allowed to experiment with different attack scenarios and review the results and the impact on their assets which are used for the SCS execution.
An attack graph discovery experience is loading . . . stay tuned!
So what do you think? Would your organization use the CYRENE Solution? Reach out to us and share your views either by using our contact form or by following our social media accounts on Twitter and LinkedIn.
Don’t forget to subscribe to our Newsletter for regular updates!
This blog is signed by: the MAG team
KEY FACTS
Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Email: info{at}cyrene.eu
Start: 1-10-2020
Duration: 36 months
Participating organisations: 14
Number of countries: 10
TWEETS by
An incident response plan (IRP) is a set of procedures and protocols that a company or organization follows when responding to a security incident, such as a #databreach, #cyberattack, or other security-related events. Does your organisation have such a plan?
Read MoreCalling all tech enthusiasts! Help solve real-world problems in #supplychaincybersecurity at the #CYRENE Hackathon 2023. Virtual event on Feb 16-17. Register now! #hackathon #innovation #problem-solving: 👉 https://t.co/SRZGJoRLFH
Read More
Don't miss out on the latest developments in #IoTSecurity from @CYRENE_H2020 at the @BcnCyberCon! Join us at stand C350 from Jan 31-Feb 2 to learn about state-of-the-art research results and meet the researchers #ERICyB #Cybersecurity #Congress #SupplyChain https://t.co/1Z9mptU7Wy
Read More
Don't miss out! We'll be joining the @CYRENE_H2020 Valencia Pilot Event organized by @FValenciaport on 10/02/23 at 10:00 CET. A live #demo of #CYRENE. The event will be held remotely. Visit for more details and to register. #CYRENEValenciaPilotEvent https://t.co/wdjNX6RDFa
Read More
FUNDING
This project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.