Global Cybersecurity Supply Chain Risks
Global supply chains are a way of life for modern business. In a sense, they are the veins of global trade and the economy. Individual operators and cross-border critical infrastructures such as airports, telecom providers, railways, energy suppliers, banks and logistics companies collaborate in exploring new labour markets and offering complex supply chain services.
At the same time, the integrated nature of supply chains introduces new information security risks and attack vectors for cybercriminals. These risks are usually related to obsolete security infrastructure, outdated hardware and software, infected devices on a corporate network and a lack of appropriate security protocols. They can be exploited by sophisticated attackers using means such as advanced persistent threats to gain access to sensitive data or to interfere with information flows.
While understanding the drivers of cybercriminality and new methods to prevent, investigate and mitigate cybercriminal behaviour is relevant in this context, it is also necessary to address the lack of a structured, standardized and trusted way to manage cybersecurity vulnerabilities and threats that takes into account the heterogeneity and complexity of today’s supply chains.
The official start of the CYRENE Project
Besides its focus on cybersecurity and the resilience of supply chains, the CYRENE project lays the foundation for the implementation of the EU Cybersecurity Certification Framework which, in turn, is based on the EU Cybersecurity Act. The project officially started during a virtual kick-off meeting on 14th and 15th October 2020. On this occasion, Privanova published the CYRENE project factsheet.
Submitted as part of the EU Call SU-ICT-02-2020 – Building blocks for resilience in evolving ICT systems, CYRENE is implemented by an international consortium of 14 partners. It aims to support the security and resilience of supply chains through the following schemes:
- Security Certification Scheme for Supply Chain (e.g. risk assessment tool and process);
- ICT Security Certification Scheme for ICT-based or ICT-interconnected Supply Chain;
- ICT Security Certification Scheme for SCs’ (e.g. Maritime, Transport or Manufacturing) IoT devices and ICT.
Ethics, Privacy and Data Protection Compliance
CYRENE advances the state of the art in supply chains cybersecurity by enhancing control and ensuring accountability in ICT systems, components and services across the supply chain. In this context, ethics, privacy and data protection aspects of the project have particular significance.
Privanova leads the project’s ethics, privacy and data protection compliance. In particular, we will:
- address the potential ethics requirements the project might receive following an ethics check;
- ensure respect of relevant legal, privacy and data protection requirements by providing continuous monitoring, guidance and support to the consortium.
Standardisation and Certification for Cybersecurity of Supply Chains
CYRENE will be implemented in several scenarios comprising supply chain infrastructures and end-users working under realistic conditions. The results of the project will ensure the active involvement of a large number of external stakeholders to help develop a more secure cyber environment on a global level.
As one of the leaders of the project’s dissemination and sustainability strategy, Privanova will engage policymakers and standardization bodies, including ISO and NIST, to review current and emerging standards and to propose regulatory updates where needed.
In terms of long-term impacts, we will contribute to the creation of improved market opportunities for EU vendors of security components and the acceleration of the development and implementation of certification processes.