This Springer Brief introduces methodologies and tools for quantitative understanding and assessment of supply chain risk to critical infrastructure systems. It unites system reliability analysis, optimization theory, detection theory and mechanism design theory to study vendor involvement in overall system security. It also provides decision support for risk mitigation.
This Springer Brief introduces I-SCRAM, a software tool to assess the risk. It enables critical infrastructure operators to make risk-informed decisions relating to the supply chain, while deploying their IT/OT and Io T systems.
The authors present examples and case studies on supply chain risk assessment/mitigation of modern connected infrastructure systems such as autonomous vehicles, industrial control systems, autonomous truck platooning and more. It also discusses how vendors of different system components are involved in the overall security posture of the system and how the risk can be mitigatedthrough vendor selection and diversification. The specific topics in this book include:
- Risk modeling and analysis of Io T supply chains
- Methodologies for risk mitigation, policy management, accountability, and cyber insurance Tutorial on a software tool for supply chain risk management of Io T
These topics are supported by up-to-date summaries of the authors’ recent research findings. The authors introduce a taxonomy of supply chain security and discusses the future challenges and directions in securing the supply chains of Io T systems. It also focuses on the need for joint policy and technical solutions to counter the emerging risks, where technology should inform policy and policy should regulate technology development.
This Springer Brief has self-contained chapters, facilitating the readers to peruse individual topics of interest. It provides a broad understanding of the emerging field of cyber supply chain security in the context of Io T systems to academics, industry professionals and government officials.
Cuprins
Chapter. 1. Io T and Supply Chain Security.- Chapter. 2. Risk Modeling and Analysis.- Chapter. 3. Risk Mitigation Decisions.- Chapter. 4. Policy Management.- Chapter. 5. Computational Tools.
Despre autor
Timothy Kieras is currently a Software Engineer at MORSE Corp. He received the Bachelor of Arts and Master of Arts degrees in philosophy from Fordham University, New York, NY, USA, in 2011 and 2012, respectively and the M.S. in Computer Science from New York University, Brooklyn, NY, in 2020. He has been an Instructor at St. Louis University High School, St. Louis, MO, and Regis High School, New York, NY, USA.
Junaid Farooq is an Assistant Professor with the Department of Electrical and Computer Engineering at the University of Michigan-Dearborn. He received the B.S. degree in electrical engineering from the National University of Sciences and Technology (NUST), Islamabad, Pakistan, in 2013, the M.S. degree in electrical engineering from the King Abdullah University of Science and Technology (KAUST), Thuwal, Saudi Arabia, in 2015, and the Ph.D. degree in electrical engineering from New York University, Brooklyn, NY, USA, in 2020. From 2015 to 2016, he was a Research Assistant with the Qatar Mobility Innovations Center (QMIC), Qatar Science and Technology Park (QSTP), Doha, Qatar. His current research interests include cybersecurity, modeling and optimization of next generation wireless communication systems, the Internet of Things, and cyber-physical systems.
Quanyan Zhu is an Associate Professor with the Department of Electrical and Computer Engineering at New York University (NYU). He is also an affiliated Faculty Member of the Center for Cyber Security (CCS) and the Center for Urban Science and Progress (CUSP), NYU. He received the B.Eng. degree (Hons.) in electrical engineering from Mc Gill University, in 2006, the M.A.Sc. degree from the University of Toronto, in 2008, and the Ph.D. degree from the University of Illinois at Urbana-Champaign (UIUC), in 2013. His current research interests include game theory, machine learning, cybersecurity and deception, network optimization and control, the Internet of Things, and cyber-physical systems.