IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v11y2019i3p63-d211175.html
   My bibliography  Save this article

Cyber Security Threat Modeling for Supply Chain Organizational Environments

Author

Listed:
  • Abel Yeboah-Ofori

    (School of Architecture Computing & Engineering, University of East London, London E16 2RD, UK)

  • Shareeful Islam

    (School of Architecture Computing & Engineering, University of East London, London E16 2RD, UK)

Abstract

Cyber security in a supply chain (SC) provides an organization the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization.

Suggested Citation

  • Abel Yeboah-Ofori & Shareeful Islam, 2019. "Cyber Security Threat Modeling for Supply Chain Organizational Environments," Future Internet, MDPI, vol. 11(3), pages 1-25, March.
  • Handle: RePEc:gam:jftint:v:11:y:2019:i:3:p:63-:d:211175
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/11/3/63/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/11/3/63/
    Download Restriction: no
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Kaur, Harpreet & Gupta, Mahima & Singh, Surya Prakash, 2024. "Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains," International Journal of Production Economics, Elsevier, vol. 275(C).
    2. Seppo Borenius & Pavithra Gopalakrishnan & Lina Bertling Tjernberg & Raimo Kantola, 2022. "Expert-Guided Security Risk Assessment of Evolving Power Grids," Energies, MDPI, vol. 15(9), pages 1-25, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:11:y:2019:i:3:p:63-:d:211175. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.