This SpringerBrief introduces methodologies and tools for quantitative understanding and assessment of supply chain risk to critical infrastructure systems. It unites system reliability analysis, optimization theory, detection theory and mechanism design theory to study vendor involvement in overall system security. It also provides decision support for risk mitigation. This SpringerBrief introduces I-SCRAM, a software tool to assess the risk. It enables critical infrastructure operators to make risk-informed decisions relating to the supply chain, while deploying their IT/OT and IoT systems. The authors present examples and case studies on supply chain risk assessment/mitigation of modern connected infrastructure systems such as autonomous vehicles, industrial control systems, autonomous truck platooning and more. It also discusses how vendors of different system components are involved in the overall security posture of the system and how the risk can be mitigated through vendor selection and diversification. The specific topics in this book include: Risk modeling and analysis of IoT supply chains Methodologies for risk mitigation, policy management, accountability, and cyber insurance Tutorial on a software tool for supply chain risk management of IoT These topics are supported by up-to-date summaries of the authors’ recent research findings. The authors introduce a taxonomy of supply chain security and discusses the future challenges and directions in securing the supply chains of IoT systems. It also focuses on the need for joint policy and technical solutions to counter the emerging risks, where technology should inform policy and policy should regulate technology development. This SpringerBrief has self-contained chapters, facilitating the readers to peruse individual topics of interest. It provides a broad understanding of the emerging field of cyber supply chain security in the context of IoT systems to academics, industry professionals and government officials.

In recent years, the rising complexity of Internet of Things (IoT) systems has increased their potential vulnerabilities and introduced new cybersecurity challenges. In this context, state of the art methods and technologies for security risk assessment have prominent limitations when it comes to large scale, cyber-physical and interconnected IoT systems. Risk assessments for modern IoT systems must be frequent, dynamic and driven by knowledge about both cyber and physical assets. Furthermore, they should be more proactive, more automated, and able to leverage information shared across IoT value chains. This book introduces a set of novel risk assessment techniques and their role in the IoT Security risk management process. Specifically, it presents architectures and platforms for end-to-end security, including their implementation based on the edge/fog computing paradigm. It also highlights machine learning techniques that boost the automation and proactiveness of IoT security risk assessments. Furthermore, blockchain solutions for open and transparent sharing of IoT security information across the supply chain are introduced. Frameworks for privacy awareness, along with technical measures that enable privacy risk assessment and boost GDPR compliance are also presented. Likewise, the book illustrates novel solutions for security certification of IoT systems, along with techniques for IoT security interoperability. In the coming years, IoT security will be a challenging, yet very exciting journey for IoT stakeholders, including security experts, consultants, security research organizations and IoT solution providers. The book provides knowledge and insights about where we stand on this journey. It also attempts to develop a vision for the future and to help readers start their IoT Security efforts on the right foot.

In recent years, the rising complexity of Internet of Things (IoT) systems has increased their potential vulnerabilities and introduced new cybersecurity challenges. In this context, state of the art methods and technologies for security risk assessment have prominent limitations when it comes to large scale, cyber-physical and interconnected IoT systems. Risk assessments for modern IoT systems must be frequent, dynamic and driven by knowledge about both cyber and physical assets. Furthermore, they should be more proactive, more automated, and able to leverage information shared across IoT value chains. This book introduces a set of novel risk assessment techniques and their role in the IoT Security risk management process. Specifically, it presents architectures and platforms for end-to-end security, including their implementation based on the edge/fog computing paradigm. It also highlights machine learning techniques that boost the automation and proactiveness of IoT security risk assessments. Furthermore, blockchain solutions for open and transparent sharing of IoT security information across the supply chain are introduced. Frameworks for privacy awareness, along with technical measures that enable privacy risk assessment and boost GDPR compliance are also presented. Likewise, the book illustrates novel solutions for security certification of IoT systems, along with techniques for IoT security interoperability. In the coming years, IoT security will be a challenging, yet very exciting journey for IoT stakeholders, including security experts, consultants, security research organizations and IoT solution providers. The book provides knowledge and insights about where we stand on this journey. It also attempts to develop a vision for the future and to help readers start their IoT Security efforts on the right foot.

What are the cyber vulnerabilities in supply chain management? How can firms manage cyber risk and cyber security challenges in procurement, manufacturing, and logistics?Today it is clear that supply chain is often the core area of a firm's cyber security vulnerability, and its first line of defense. This book brings together several experts from both industry and academia to shine light on this problem, and advocate solutions for firms operating in this new technological landscape.Specific topics addressed in this book include: defining the world of cyber space, understanding the connection between supply chain management and cyber security, the implications of cyber security and supply chain risk management, the 'human factor' in supply chain cyber security, the executive view of cyber security, cyber security considerations in procurement, logistics, and manufacturing among other areas.

“Supply Chain Risk Management is an issue that many companies face and yet few companies know how to deal with it in a systematic and pragmatic manner. While avoiding and reducing supply chain risks are certainly preferable, developing ways to restore and stabilize supply chain operations rapidly after a major disruption is critical for managing global supply chains. Sodhi and Tang present important concepts, frameworks, strategies, and analyses that are essential for managing supply chain risks. Not only does this book suggest some practical ways to work with different partners to manage the risks that are present in a global supply chain, it creates a framework that would enable practitioners to engage researchers to work on this important area.” —Thomas A. Debrowski, Executive Vice President, Worldwide Operations, Mattel, Inc. “When a firm outsources its operations to external suppliers, the firm is vulnerable to major and rare disruptions that can occur at any link in the global supply chain. Because these disruptions rarely occur, few firms take commensurable actions to identify, assess, mitigate and respond to various types of supply chain risks. By introducing frameworks and concepts along with several case studies and a review of academic literature, Sodhi and Tang treat this important subject with practical relevance and academic rigor. This book will bring practitioners and researchers to develop effective and efficient ways to manage supply chain risks.” —Marshall L. Fisher, UPS Professor, Professor of Operations and Information Management and Co-Director of Fishman-Davidson Center for Service and Operations Management, The Wharton School, University of Pennsylvania “This book ties observations in practice to methodologies and research. The rich case examples motivated the approaches and methodologies used to mitigate risks, and in the course of doing so, Sodhi and Tang provided insights on existing and new research opportunities. As a result, this book is highly relevant to both practitioners and academics. Also, the book is also written with management lessons on how risks can be mitigated, and how risks can be contained once disruptions have occurred. As such, it is also a book for management to gain insights and to develop management skills.” —Hau L. Lee, Thoma Professor of Operations, Information and Technology and Director of the Stanford Global Supply Chain Management Forum, Graduate School of Business, Stanford University “As companies have extended their supply chains globally and as the face increasing resource issues, they face a number of new risk challenges. While there are various case studies written about supply chain risks, this book gives a comprehensive treatment of the subject with clarity. The concepts and frameworks developed by Sodhi and Tang in this book would create awareness of this important and yet not well understood subject, and strategies described in this book would stimulate practitioners to develop a holistic approach for identifying, assessing, mitigating, and responding to different types of supply chain risks.” —Nick Wildgoose, Global Supply Chain Proposition Manager, Zurich Insurance​

The book presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization. It details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process. It defines a complete and correct set of processes, activities, tasks and monitoring and reporting systems.

Vulnerability to sudden supply chain disruption is one of the major threats facing companies today. The challenge for businesses today is to mitigate this risk through creating resilient supply chains. Addressing this need, Supply Chain Risk Management guides you through the whole risk management process from start to finish. Using jargon-free language, this accessible book covers the fundamentals of managing risk in supply chains. From identifying the risks to developing and implementing a risk management strategy, this essential text covers everything you need to know about this critical topic. It assesses the growing impact of risk on supply chains, how to plan for and manage disruptions and disasters, and how to mitigate their effects. It examines a whole range of risks to supply chains, from traffic congestion to major environmental disasters. Highly practical, Supply Chain Risk Management provides a range of useful tables, diagrams and tools and is interspersed with real life case study examples from leading companies, including Nokia, IBM, and BP. The 2nd edition has been completely revised with brand new case studies on the Chilean Mining Disaster and BP oil spill.