Contrasting global approaches for identifying and managing cybersecurity risks in supply chains
Colin Topping, Ola Michalec, Awais Rashid

TL;DR
This paper compares international approaches to identifying and managing cybersecurity risks in supply chains, highlighting the need for standardized guidance and discussing NIST SP 800-161 as a potential framework.
Contribution
It provides a comparative analysis of global cybersecurity risk management strategies in supply chains and discusses the alignment of NIST standards with these approaches.
Findings
Diverse levels of detail in national guidance
Guidance is often disjointed across countries
NIST SP 800-161 aligns with the taxonomy and offers a pathway to standardization
Abstract
Supply chains are increasingly targeted by threat actors. Using a recent taxonomy, we contrast the diverse levels of detail given by national authorities. The threat is commonly acknowledged, but guidance is disjointed. NIST SP 800-161 aligns closely with the taxonomy and offers a potential pathway towards a common set of principles.
Taxonomy
Topics: Supply Chain Resilience and Risk Management
