Beware Suppliers Bearing Gifts!: Analysing coverage of supply chain cyber security in critical national infrastructure sectorial and cross-sectorial frameworks
Topping, Colin; Dwyer, Andrew; Michalec, Ola; Craggs, Barney; Rashid, Awais
Abstract
Threat actors are increasingly targeting extended supply chains and abusing client-supplier trust to conduct third-party compromise. Governments are concerned about targeted attacks against critical national infrastructure, where compromise can have significant adverse national consequences. In this paper we identify and review the advice and guidance offered by authorities in the UK, US, and the EU regarding Cyber Supply Chain Risk Management (C-SCRM). We then review sector-specific guidance in the three regions for the chemical, energy, and water sectors, and assess the suitability for C-SCRM of the frameworks that each region's sectors offer organisations. We found a range of interpretations of "supply chain", which produced wide variation in the quantity and quality of advice offered by regional authorities, sectors, and their frameworks. This is exacerbated by the lack of a common taxonomy to support supply chain procurement and risk management, which has led to limited coverage in most C-SCRM programmes. Our results highlight the need for a C-SCRM taxonomy and for systematic guidance (both general and sector-specific) so that controls can be deployed to mitigate supply chain risk. We provide an outline taxonomy based on our data analysis to promote further discussion and research.
Citation
Topping, C., Dwyer, A., Michalec, O., Craggs, B., & Rashid, A. (2021). Beware Suppliers Bearing Gifts!: Analysing coverage of supply chain cyber security in critical national infrastructure sectorial and cross-sectorial frameworks. Computers and Security, 108, Article 102324. https://doi.org/10.1016/j.cose.2021.102324
Field | Value
---|---
Journal Article Type | Article
Acceptance Date | May 12, 2021
Online Publication Date | May 23, 2021
Publication Date | September 2021
Deposit Date | May 19, 2021
Publicly Available Date | May 23, 2022
Journal | Computers and Security
Print ISSN | 0167-4048
Publisher | Elsevier
Peer Reviewed | Peer Reviewed
Volume | 108
Article Number | 102324
DOI | https://doi.org/10.1016/j.cose.2021.102324
Files
Accepted Journal Article (PDF, 2.6 MB)
Publisher Licence URL
http://creativecommons.org/licenses/by-nc-nd/4.0/
Copyright Statement
© 2021 This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/