Collaboration Practices for the Cybersecurity of Supply Chains to Critical Infrastructure-Reference-Cited by-同舟云学术

Collaboration Practices for the Cybersecurity of Supply Chains to Critical Infrastructure

Published:2024-07-03 Issue:13 Volume:14 Page:5805
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Wallis Tania¹^ORCID,Dorey Paul²^ORCID

Affiliation:

1. School of Computing Science, University of Glasgow, Glasgow G12 8RZ, UK

2. Information Security Group, School of Engineering, Physical & Mathematical Sciences, Royal Holloway, University of London, Egham TW20 0EX, UK

Abstract

This work describes the collaboration practices of a community of interest in the UK that brings together cybersecurity professionals with a shared interest in improving supply chain cybersecurity for Operational Technology (OT) environments. This research emphasizes the need for collective responsibility between organizations and provides a set of principles for adopting a code of practice and partnership approach to supply chain cybersecurity. This work has enabled cybersecurity experience from several critical infrastructure sectors, including energy, rail, aviation, water, health, and food, to analyze the uptake and practical use of existing supply chain guidance, identifying gaps and challenges. The community has examined touch points with the supply chain and identified improvements related to the communication of cybersecurity requirements, technical and commercial engagement between customers and suppliers, and in the tailoring of implementations towards operational technology contexts. Communicating the context of securing cyber-physical systems is an essential perspective for this community. This work exemplifies a partnership framework and is translating experiences into useful guidance, particularly for OT systems, to improve cybersecurity levels across multiple contributors to critical infrastructure systems.

Funder

EPSRC Impact Acceleration Account

Publisher

MDPI AG

Link

https://www.mdpi.com/2076-3417/14/13/5805/pdf

Reference33 articles.

1. National Cyber Security Centre (2024, April 23). NCSC Warns of Enduring and Significant Threat to UK’ s Critical Infrastructure, Available online: https://www.ncsc.gov.uk/pdfs/news/ncsc-warns-enduring-significant-threat-to-uks-critical-infrastructure.pdf.

2. ENISA (2024, April 23). Threat Landscape for Supply Chain Attacks. Available online: https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks.

3. Bıçakcı, S., and Evren, A.G. (2024). Responding Cyber-Attacks and Managing Cyber Security Crises in Critical Infrastructures: A Sociotechnical Perspective. Management and Engineering of Critical Infrastructures, Academic Press.

4. European Union (2024, April 24). EU DIRECTIVE on Measures for a High Common Level of Cybersecurity across the Union. Available online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2555.

5. UK Department for Science Innovation & Technology (2024, April 24). Protecting and Enhancing the Security and Resilience of UK Data Infrastructure, Available online: https://assets.publishing.service.gov.uk/media/657ab6f6254aaa000d050ce2/protecting_and_enhancing_the_security_and_resilience_of_UK_data_infrastructure.pdf.