Mitigating cyber supply chain risks in cyber physical systems organizational landscape

Abstract

Cyber supply chain (CSC) provide an organization with the ability to align its business processes, information flows, and data structures with other organization. However, the increase interdependencies have brought about inherent, threats, risks, attacks and vulnerabilities that adversaries maybe able to exploit when not properly mitigated. Additionally, every cyberattack on each organization increases the probability of the risk cascading to others. The CSC risk has increased exponentially due to uncertainties surrounding cyberattacks and the cyber threat landscape. Recent CSC threats have been disruptive and impacting on the smooth flow of delivery of products and services. CSC risk has been observed as one of the areas that impact greatly and causes budget overruns. The aim of this paper is to mitigate CSCrisks in an organizational landscape. In particular, the paper identifies supply inbound and outbound chain threat landscapes using a risk breakdown structure. Further, we assess the risk to gather cyber threat intelligence. Furthermore, we use the probability distribution method todetermine the CSC risks and analyze the risk probabilities andlikelihood of risk cascading impact. Our results show thatCSC risk can be neutralized using probability distributionmethods to detect and mitigate the risks and their impactlevels.