Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

UMD researchers formulate cyber protection for supply chains

22.10.2014

The supply chain is ground zero for several recent cyber breaches. Hackers, for example, prey on vendors that have remote access to a larger company's global IT systems, software and networks.

In the 2013 Target breach, the attacker infiltrated a vulnerable link: a refrigeration system supplier connected to the retailer's IT system.

A counter-measure, via a user-ready online portal, has been developed by researchers in the Supply Chain Management Center at the University of Maryland's Robert H. Smith School of Business.

The portal is based on a new management science called "cyber supply chain risk management." It combines conventionally-separate disciplines cybersecurity, enterprise risk management and supply chain management.

Funded by the National Institute of Standards and Technology, the UMD researchers developed the formula, in part, after surveying 200 different-sized companies in various industries.

"We found that, collectively, the cyber supply chain is fragmented and stovepiped, and companies are ill-prepared to sense and respond to risks in real time," said research professor and center co-director Sandor Boyson, who collaborated on the study and portal design with faculty-colleague/center co-director Thomas Corsi, research fellow Hart Rossman and UMD-Smith CIO Holly Mann. "Just half of our subjects used an executive advisory committee such as a risk board to govern their IT-system risks."

The findings are published as "Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems" in the peer-reviewed industrial engineering journal Technovation. http://ter.ps/73f

The researchers leveraged the study into the portal. Companies can log on, cost-free, at http://cyberchain.rhsmith.umd.edu and track developing threats, plus map their IT supply chains and anonymously measure themselves against industry peers and NIST standards.

The benchmarking covers operations and allocating for cyber insurance via separate functions:

  • A self-evaluation exercise shows a company's structure for cyber protecting the supply chain. For example, users reply to: "To what degree is your CIO and-or IT shop isolated from, or collaborative with, your supply chain specialists who actually procure the hardware and software for your IT system?"

     

  • A special formula measures the risk levels of each company asset. The Common Vulnerability Scoring System – standard for analyzing software systems – is adapted to analyze the entire range of assets connected to the cyber supply chain.

     

  • Firms can compare corporate disclosures, exposures and vulnerabilities to those of peer companies via an insurance-risk analysis framework provided by The Willis Group. The global insurance broker's database of aggregated SEC-reported cyber attacks -- mandated for public companies – supports this tool.

     

The portal is scalable. About 150 various-sized companies have completed at least one or more of the aforementioned functions. Fifteen of those firms completed all three assessments and represent industries including high-tech aerospace manufacturing, telecommunication, real estate, and medical and professional services.

"The portal not only helps individual organizations understand their risk and how they can better manage it. By doing so, this bolsters the resilience and security posture of the entire ecosystem of the U.S. economy," said Jon Boyens, senior advisor for information security in NIST's computer security division. "While this ecosystem has evolved to provide a set of highly refined, cost-effective, reusable products and services that support the U.S. economy, it has also increased opportunities for adversaries and made it increasingly difficult for organizations to understand their risks."

The study is entering a fifth phase focused on federal agency-private contractor supply chains. The UMD-Smith researchers subsequently will update the portal and train managers of participating agencies and contractors to efficiently and effectively use the separate functions.

Greg Muraski | Eurek Alert!
Further information:
http://umdrightnow.umd.edu/

More articles from Information Technology:

nachricht Ultra-precise chip-scale sensor detects unprecedentedly small changes at the nanoscale
18.01.2017 | The Hebrew University of Jerusalem

nachricht Data analysis optimizes cyber-physical systems in telecommunications and building automation
18.01.2017 | Fraunhofer-Institut für Algorithmen und Wissenschaftliches Rechnen SCAI

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Traffic jam in empty space

New success for Konstanz physicists in studying the quantum vacuum

An important step towards a completely new experimental access to quantum physics has been made at University of Konstanz. The team of scientists headed by...

Im Focus: How gut bacteria can make us ill

HZI researchers decipher infection mechanisms of Yersinia and immune responses of the host

Yersiniae cause severe intestinal infections. Studies using Yersinia pseudotuberculosis as a model organism aim to elucidate the infection mechanisms of these...

Im Focus: Interfacial Superconductivity: Magnetic and superconducting order revealed simultaneously

Researchers from the University of Hamburg in Germany, in collaboration with colleagues from the University of Aarhus in Denmark, have synthesized a new superconducting material by growing a few layers of an antiferromagnetic transition-metal chalcogenide on a bismuth-based topological insulator, both being non-superconducting materials.

While superconductivity and magnetism are generally believed to be mutually exclusive, surprisingly, in this new material, superconducting correlations...

Im Focus: Studying fundamental particles in materials

Laser-driving of semimetals allows creating novel quasiparticle states within condensed matter systems and switching between different states on ultrafast time scales

Studying properties of fundamental particles in condensed matter systems is a promising approach to quantum field theory. Quasiparticles offer the opportunity...

Im Focus: Designing Architecture with Solar Building Envelopes

Among the general public, solar thermal energy is currently associated with dark blue, rectangular collectors on building roofs. Technologies are needed for aesthetically high quality architecture which offer the architect more room for manoeuvre when it comes to low- and plus-energy buildings. With the “ArKol” project, researchers at Fraunhofer ISE together with partners are currently developing two façade collectors for solar thermal energy generation, which permit a high degree of design flexibility: a strip collector for opaque façade sections and a solar thermal blind for transparent sections. The current state of the two developments will be presented at the BAU 2017 trade fair.

As part of the “ArKol – development of architecturally highly integrated façade collectors with heat pipes” project, Fraunhofer ISE together with its partners...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Sustainable Water use in Agriculture in Eastern Europe and Central Asia

19.01.2017 | Event News

12V, 48V, high-voltage – trends in E/E automotive architecture

10.01.2017 | Event News

2nd Conference on Non-Textual Information on 10 and 11 May 2017 in Hannover

09.01.2017 | Event News

 
Latest News

New Study Will Help Find the Best Locations for Thermal Power Stations in Iceland

19.01.2017 | Earth Sciences

Not of Divided Mind

19.01.2017 | Life Sciences

Molecule flash mob

19.01.2017 | Physics and Astronomy

VideoLinks
B2B-VideoLinks
More VideoLinks >>>