Traceability in supply chains: A Cyber security analysis

Autor: Robin Doss, Syed W. Shah, Rolando Trujillo-Rasua, Naeem Firdous Syed
Rok vydání: 2022
Předmět:
Zdroj: Computers & Security. 112:102536
ISSN: 0167-4048
DOI: 10.1016/j.cose.2021.102536
Popis: Digital technologies are increasingly being adopted in modern supply chains for product traceability, enabling data sharing amongst trading partners, quick availability of product data, and end-to-end visibility of products. This adoption increases the system attack-surface and the number of cyber threats capable of harmful business impact, such as leak of business data, disruption of business operations, and loss of reputation, intellectual property and financial assets. A supply chain network thus needs an effective cyber security and threat management strategy, which requires reaching a thorough understanding of the most important assets and resources in a supply chain traceability system, the cyber threats that may impact them, and potential countermeasures. This article contributes a comprehensive threat modeling report on supply chain traceability systems, where we make explicit more than a hundred relations between assets, threats and countermeasures of relevance to supply chain traceability. Our analysis is reproducible, extensible and falsifiable. Reproducibility is achieved by following a systematic asset-centric threat modeling approach and adopting the STRIDE threat model to present a description of common threats; extensibility by using a layered-architecture for supply chains which the analyst can accommodate to a concrete implementation; and falsifiability by providing the sources used to establish the relation (asset, threat, countermeasure). Albeit the focus of the analysis is on technology, for the sake of completeness, the article briefly analyses secure traceability in supply chains when people and processes are made part of the system.
Databáze: OpenAIRE