J. Farooq and Q. Zhu
University of Michigan-Dearborn, Michigan, United States
Poster stand number: W115
Keywords: supply chain risk, internet of things, cybersecurity, vendor risk

The cybersecurity of IoT-enabled infrastructure systems depends on the confidentiality, integrity, and availability of their software and hardware components, including the supply chain behind them. The complex network of components involves various actors and organizations that design and integrate different subcomponents of the larger system. The insecurity of one subcomponent in the supply chain can have downstream effects on the security and resiliency of IoT-enabled infrastructure systems. The supply chain adds another dimension to system reliability on top of the reliability of the individual components. A particular component in the system may itself be very reliable but may have been procured from a less trustworthy vendor. Similarly, a component may not be very reliable but may have a highly trustworthy supplier. Therefore, it is critically important to understand the delicate interplay between component reliabilities and the trustworthiness of their suppliers. This tutorial is aimed at unfolding the emerging supply chain risk analysis ecosystem and providing a peek into a practical software tool to help analyze the risk. The described software tool, referred to as I-SCRAM, will enable critical infrastructure owners to make risk-informed decisions relating to the supply chain while deploying their IT and OT systems.