Redirigiendo al acceso original de articulo en 16 segundos...
Inicio  /  Future Internet  /  Vol: 11 Par: 3 (2019)  /  Artículo
ARTÍCULO
TITULO

Cyber Security Threat Modeling for Supply Chain Organizational Environments

Abel Yeboah-Ofori and Shareeful Islam    

Resumen

Cyber security in a supply chain (SC) provides an organization the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization.

 Artículos similares

       
 
Tehseen Mazhar, Hafiz Muhammad Irfan, Sunawar Khan, Inayatul Haq, Inam Ullah, Muhammad Iqbal and Habib Hamam    
Smart grids are rapidly replacing conventional networks on a worldwide scale. A smart grid has drawbacks, just like any other novel technology. A smart grid cyberattack is one of the most challenging things to stop. The biggest problem is caused by milli... ver más
Revista: Future Internet

 
Karthikeyan Saminathan, Sai Tharun Reddy Mulka, Sangeetha Damodharan, Rajagopal Maheswar and Josip Lorincz    
The COVID-19 pandemic made all organizations and enterprises work on cloud platforms from home, which greatly facilitates cyberattacks. Employees who work remotely and use cloud-based platforms are chosen as targets for cyberattacks. For that reason, cyb... ver más
Revista: Future Internet

 
Mario Aragonés Lozano, Israel Pérez Llopis and Manuel Esteve Domingo    
The number and the diversity in nature of daily cyber-attacks have increased in the last few years, and trends show that both will grow exponentially in the near future. Critical Infrastructures (CI) operators are not excluded from these issues; therefor... ver más

 
Abdul Majeed, Abdullah M. Alnajim, Athar Waseem, Aleem Khaliq, Aqdas Naveed, Shabana Habib, Muhammad Islam and Sheroz Khan    
In fifth Generation (5G) networks, protection from internal attacks, external breaches, violation of confidentiality, and misuse of network vulnerabilities is a challenging task. Various approaches, especially deep-learning (DL) prototypes, have been ado... ver más
Revista: Future Internet

 
Dominic Lightbody, Duc-Minh Ngo, Andriy Temko, Colin C. Murphy and Emanuel Popovici    
This study proposes the wider use of non-intrusive side-channel power data in cybersecurity for intrusion detection. An in-depth analysis of side-channel IoT power behaviour is performed on two well-known IoT devices?a Raspberry Pi 3 model B and a Dragon... ver más
Revista: Future Internet