文章基本信息

标题：Cyber Security Threat Modeling for Supply Chain Organizational Environments
本地全文：下载
作者：Abel Yeboah-Ofori ; Abel Yeboah-Ofori ; Shareeful Islam 等
期刊名称：Future Internet
电子版ISSN：1999-5903
出版年度：2019
卷号：11
期号：3
页码：63
DOI：10.3390/fi11030063
出版社：MDPI Publishing
摘要：Cyber security in a supply chain (SC) provides an organization the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization.
关键词：cyber supply chain; cyber security; attack modeling; smart grid; threat intelligence; threat actor cyber supply chain ; cyber security ; attack modeling ; smart grid ; threat intelligence ; threat actor