Enhancing the resilience of supply chains
Supply Chain disruptions
Disruptions to supply chains may have profound socio-economic impact, and be of varying frequency. There are a number of reasons for such disruptions, like natural disasters (Thailand tsunami 2004), accidents (Suez canal, 2021), pandemic (Covid-19, 2019), and cybersecurity attacks. A projection of the magnitude of impact versus the ability to anticipate such disruptions, as well as the exposure of certain sectors to supply chain disruptions is shown in McKinsey’s report of 2020: Risk, resilience, and rebalancing in global value chains. Evidently, the impact of cyber attacks to IT infrastructures that support supply chains is huge, while the lead time remains low.
The ability of a supply chain to recover from a disruption and get back to normal, in other words its resilience, is one of its most important qualities. It can certainly be enhanced by a careful analysis of risks and the design of appropriate mitigation strategies, as well as by the continuous monitoring of the target supply chain and developing appropriate alert and response security controls.
Supply Chain security
Under this prism, security of supply chains is of paramount importance and should be treated as a high priority task. When it comes to protecting supply chain assets, infrastructures and processes, one realizes that it is a constant battle between new types of attack, continuously improving attackers’ skills, and the development of sophisticated attack tools on one hand, and enhanced protocols, standards, and best practices on the other. Gary Williams puts this battle in the right perspective in his illuminating article (Cyber)securing Manufacturing’s Future.
Securing modern supply chains, that are powered by sophisticated ICT infrastructures and Internet-enabled assets, against the hostile environment in which they have to operate is a daunting task. And it becomes overwhelmingly complex as the attack surface of a supply chain is not confined to a single stakeholder but is extended to its partners and collaborators, their partners and collaborators and so on, under the presence of complex interactions at the business and technical levels.
CYRENE focuses on disruptions of supply chains that are effected through cyber attacks to their supporting IT infrastructures, and envisages the enhancement of the security, privacy, resilience, accountability and trustworthiness of supply chains through a Conformity Assessment Process (CAP). The envisaged CAP will employ a methodology and a tool-set for certifying the security and resilience of supply chain services, while certification requirements will be expressed through certification profiles.
CYRENE is currently in the process of specifying a methodology and a certification scheme targeting the security of supply chains. The certification scheme is based on the EUCC, the European Cybersecurity Scheme that has been defined by ENISA, for the certification of ICT products’ cybersecurity. When complete, the CYRENE scheme and the methodology will undergo scrutiny and will be tested in large scale pilot scenarios.
Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Duration: 36 months
Participating organisations: 14
Number of countries: 10
Organizations involved in supply chains should be aware of various attacks and threats they can face. Here you can find some examples of supply chain attacks: https://t.co/IfIYNCnGdYRead More
Data from various Japanese government entities has reportedly been stolen by hackers. Among the impacted are the Ministry of Land, Infrastructure, Transport, and Tourism; the Cabinet Secretariat; and Narita Airport. #focalpointsprl #cyrene_h2020 #governmentattackRead More
Our third plenary meeting was completed today. #Alignment is always key to project success and despite the difficulties the current limited traveling has brought, we are doing our best to keep the drum beat steady! Many thanks to everyone for their contributions!🙌 https://t.co/pJmV4ry0GNRead More
The third plenary session of CYRENE was just completed for the day! Many fruitful discussions that help progress the the project and more to come tomorrow. Stay tuned for an overview of the event coming soon! 🙂Read More
This project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.