Cyber Security Threat Modeling for Supply Chain Organizational Environments
Article
Yeboah-Ofori, A. and Islam, S. 2019. Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet. 11 (3), p. Art. 63. https://doi.org/10.3390/fi11030063
Authors | Yeboah-Ofori, A. and Islam, S. |
---|---|
Abstract | Cyber security in a supply chain (SC) provides an organization the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization. |
Journal | Future Internet |
Journal citation | 11 (3), p. Art. 63 |
ISSN | 1999-5903 |
Year | 2019 |
Publisher | MDPI |
Publisher's version | License |
Digital Object Identifier (DOI) | https://doi.org/10.3390/fi11030063 |
Web address (URL) | https://doi.org/10.3390/fi11030063 |
Publication dates | |
Online | 05 Mar 2019 |
Publication process dates | |
Deposited | 11 Mar 2019 |
Accepted | 21 Feb 2019 |
Accepted | 21 Feb 2019 |
Copyright information | © 2019 The authors |
License | CC BY 4.0 |
https://repository.uel.ac.uk/item/8446v
Download files
547
total views366
total downloads12
views this month6
downloads this month