research-article
Open access

Information Security Assessment and Certification within Supply Chains

Published: 17 August 2021

Abstract

Cybersecurity threats have been on the rise lately, along with the digital revolution. In the industrial area and in supply chains, the disruptions that have already occurred call for solutions that minimize the impact of those threats without hampering the digital transformation, which is widely recognized as bringing enormous benefits. At the heart of such solutions is the ability to manage information security effectively. To this end, it is essential to put a security assessment program in place, using a set of appropriate metrics. In this article, through an analysis of work already carried out in the area, we propose a metrics framework suited to supply chains and to the industrial context. Additionally, to promote the level of trust between the nodes of a supply chain, we also elaborate a model of continuous security assessment that uses the same metrics and goals related to certification (based on the IEC 62443 standard). Beyond its contribution to the trust level, the proposed framework can also facilitate the certification process from the perspective of the technological infrastructure. The work is part of a European project (FISHY) that aims to increase resilience in supply chains.



Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
August 2021
1447 pages
ISBN:9781450390514
DOI:10.1145/3465481
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Certification Framework
  2. Security Assessment
  3. Security Metrics
  4. Supply Chain

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • European Union's Horizon 2020 research and innovation programme
  • FCT - Fundação para a Ciência e Tecnologia within the R&D Units

Conference

ARES 2021

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%


Article Metrics

  • Downloads (Last 12 months)234
  • Downloads (Last 6 weeks)41
Reflects downloads up to 03 Oct 2024

Citations

  • (2024) Supply Chain Security, Technological Advancements, and Future Trends. In: Smart and Agile Cybersecurity for IoT and IIoT Environments, pp. 211–234. DOI 10.4018/979-8-3693-3451-5.ch010. Online publication date: 30 Jun 2024.
  • (2024) Cybersecurity in Supply Chain Systems: The Farm-to-Fork Use Case. Electronics 13(1), 215. DOI 10.3390/electronics13010215. Online publication date: 3 Jan 2024.
  • (2024) Information Security Metrics: Challenges and Models in an All-Digital World. In: Legal Developments on Cybersecurity and Related Fields, pp. 93–114. DOI 10.1007/978-3-031-41820-4_6. Online publication date: 7 Feb 2024.
  • (2023) Counterattacking Cyber Threats: A Framework for the Future of Cybersecurity. Sustainability 15(18), 13369. DOI 10.3390/su151813369. Online publication date: 6 Sep 2023.
  • (2023) Intelligent Process Automation and Business Continuity: Areas for Future Research. Information 14(2), 122. DOI 10.3390/info14020122. Online publication date: 14 Feb 2023.
  • (2023) Delta Security Certification for Software Supply Chains. IEEE Security and Privacy 21(6), 24–33. DOI 10.1109/MSEC.2023.3311464. Online publication date: 22 Sep 2023.
