Enhancing the resilience of supply chains

Cyber security image by Pete Linforth from Pixabay

Supply Chain disruptions

Disruptions to supply chains may have profound socio-economic impact, and be of varying frequency. There are a number of reasons for such disruptions, like natural disasters (Thailand tsunami 2004), accidents (Suez canal, 2021), pandemic (Covid-19, 2019), and cybersecurity attacks. A projection of the magnitude of impact versus the ability to anticipate such disruptions, as well as the exposure of certain sectors to supply chain disruptions is shown in McKinsey’s report of 2020: Risk, resilience, and rebalancing in global value chains. Evidently, the impact of cyber attacks to IT infrastructures that support supply chains is huge, while the lead time remains low.

The ability of a supply chain to recover from a disruption and get back to normal, in other words its resilience, is one of its most important qualities. It can certainly be enhanced by a careful analysis of risks and the design of appropriate mitigation strategies, as well as by the continuous monitoring of the target supply chain and developing appropriate alert and response security controls.

Supply Chain security

Under this prism, security of supply chains is of paramount importance and should be treated as a high priority task. When it comes to protecting supply chain assets, infrastructures and processes, one realizes that it is a constant battle between new types of attack, continuously improving attackers’ skills, and the development of sophisticated attack tools on one hand, and enhanced protocols, standards, and best practices on the other. Gary Williams puts this battle in the right perspective in his illuminating article (Cyber)securing Manufacturing’s Future.

Securing modern supply chains, that are powered by sophisticated ICT infrastructures and Internet-enabled assets, against the hostile environment in which they have to operate is a daunting task. And it becomes overwhelmingly complex as the attack surface of a supply chain is not confined to a single stakeholder but is extended to its partners and collaborators, their partners and collaborators and so on, under the presence of complex interactions at the business and technical levels.

Bi-directional communication

CYRENE focuses on disruptions of supply chains that are effected through cyber attacks to their supporting IT infrastructures, and envisages the enhancement of the security, privacy, resilience, accountability and trustworthiness of supply chains through a Conformity Assessment Process (CAP). The envisaged CAP will employ a methodology and a tool-set for certifying the security and resilience of supply chain services, while certification requirements will be expressed through certification profiles.

CYRENE is currently in the process of specifying a methodology and a certification scheme targeting the security of supply chains. The certification scheme is based on the EUCC, the European Cybersecurity Scheme that has been defined by ENISA, for the certification of ICT products’ cybersecurity. When complete, the CYRENE scheme and the methodology will undergo scrutiny and will be tested in large scale pilot scenarios.

Bear with us for updates on this exciting journey and stay tuned by following our social media accounts in Twitter and LinkedIn or by subscribing to our Newsletter for regular updates!

Signed by: Sofoklis Efremidis, Project Coordinator of CYRENE project

Loading

KEY FACTS

Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Email: info{at}cyrene.eu
Start: 1-10-2020
Duration: 36 months
Participating organisations: 14
Number of countries: 10

TWEETS by

FUNDING

EU flagThis project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.