Enhancing the resilience of supply chains
Supply Chain disruptions
Disruptions to supply chains may have profound socio-economic impact and vary in frequency. Such disruptions have a number of causes, such as natural disasters (Thailand tsunami 2004), accidents (Suez canal, 2021), pandemics (Covid-19, 2019), and cybersecurity attacks. A projection of the magnitude of impact versus the ability to anticipate such disruptions, as well as the exposure of certain sectors to supply chain disruptions, is shown in McKinsey’s 2020 report "Risk, resilience, and rebalancing in global value chains". Evidently, the impact of cyber attacks on the IT infrastructures that support supply chains is huge, while the lead time remains low.
The ability of a supply chain to recover from a disruption and get back to normal, in other words its resilience, is one of its most important qualities. It can certainly be enhanced by a careful analysis of risks and the design of appropriate mitigation strategies, as well as by the continuous monitoring of the target supply chain and the development of appropriate alert and response security controls.
Supply Chain security
Seen in this light, the security of supply chains is of paramount importance and should be treated as a high-priority task. When it comes to protecting supply chain assets, infrastructures and processes, one realizes that it is a constant battle between new types of attack, continuously improving attackers’ skills, and the development of sophisticated attack tools on one hand, and enhanced protocols, standards, and best practices on the other. Gary Williams puts this battle in the right perspective in his illuminating article "(Cyber)securing Manufacturing’s Future".
Securing modern supply chains, which are powered by sophisticated ICT infrastructures and Internet-enabled assets, against the hostile environment in which they have to operate is a daunting task. It becomes overwhelmingly complex because the attack surface of a supply chain is not confined to a single stakeholder but extends to its partners and collaborators, their partners and collaborators and so on, in the presence of complex interactions at the business and technical levels.
CYRENE focuses on disruptions of supply chains that are effected through cyber attacks on their supporting IT infrastructures, and envisages the enhancement of the security, privacy, resilience, accountability and trustworthiness of supply chains through a Conformity Assessment Process (CAP). The envisaged CAP will employ a methodology and a tool-set for certifying the security and resilience of supply chain services, while certification requirements will be expressed through certification profiles.
CYRENE is currently in the process of specifying a methodology and a certification scheme targeting the security of supply chains. The certification scheme is based on the EUCC, the European Cybersecurity Scheme that has been defined by ENISA for the certification of ICT products’ cybersecurity. When complete, the CYRENE scheme and the methodology will undergo scrutiny and will be tested in large-scale pilot scenarios.
Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Duration: 36 months
Participating organisations: 14
Number of countries: 10
This project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.