This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Enhancing the resilience of supply chains
Supply Chain disruptions
Disruptions to supply chains may have profound socio-economic impact, and be of varying frequency. There are a number of reasons for such disruptions, like natural disasters (Thailand tsunami 2004), accidents (Suez canal, 2021), pandemic (Covid-19, 2019), and cybersecurity attacks. A projection of the magnitude of impact versus the ability to anticipate such disruptions, as well as the exposure of certain sectors to supply chain disruptions is shown in McKinsey’s report of 2020: Risk, resilience, and rebalancing in global value chains. Evidently, the impact of cyber attacks to IT infrastructures that support supply chains is huge, while the lead time remains low.
The ability of a supply chain to recover from a disruption and get back to normal, in other words its resilience, is one of its most important qualities. It can certainly be enhanced by a careful analysis of risks and the design of appropriate mitigation strategies, as well as by the continuous monitoring of the target supply chain and developing appropriate alert and response security controls.
Supply Chain security
Under this prism, security of supply chains is of paramount importance and should be treated as a high priority task. When it comes to protecting supply chain assets, infrastructures and processes, one realizes that it is a constant battle between new types of attack, continuously improving attackers’ skills, and the development of sophisticated attack tools on one hand, and enhanced protocols, standards, and best practices on the other. Gary Williams puts this battle in the right perspective in his illuminating article (Cyber)securing Manufacturing’s Future.
Securing modern supply chains, that are powered by sophisticated ICT infrastructures and Internet-enabled assets, against the hostile environment in which they have to operate is a daunting task. And it becomes overwhelmingly complex as the attack surface of a supply chain is not confined to a single stakeholder but is extended to its partners and collaborators, their partners and collaborators and so on, under the presence of complex interactions at the business and technical levels.
Bi-directional communication
CYRENE focuses on disruptions of supply chains that are effected through cyber attacks to their supporting IT infrastructures, and envisages the enhancement of the security, privacy, resilience, accountability and trustworthiness of supply chains through a Conformity Assessment Process (CAP). The envisaged CAP will employ a methodology and a tool-set for certifying the security and resilience of supply chain services, while certification requirements will be expressed through certification profiles.
CYRENE is currently in the process of specifying a methodology and a certification scheme targeting the security of supply chains. The certification scheme is based on the EUCC, the European Cybersecurity Scheme that has been defined by ENISA, for the certification of ICT products’ cybersecurity. When complete, the CYRENE scheme and the methodology will undergo scrutiny and will be tested in large scale pilot scenarios.
KEY FACTS
Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Email: info{at}cyrene.eu
Start: 1-10-2020
Duration: 36 months
Participating organisations: 14
Number of countries: 10
FUNDING
This project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.