• Logistics data has been increasingly digitized over the past few years. As more data moves into more online systems, often shared and integrated across entities, transportation becomes a bigger target.
• Poor information security practices by lower-tier suppliers.
• Compromised software or hardware purchased from suppliers.
• Software security vulnerabilities in supply chain management or supplier systems.
• Counterfeit hardware or hardware with embedded malware.
Sources:
• https://www.supplychaindive.com/news/supply-chains-tech-savvy-cybersecurity/552769/
• https://www.supplychainbrain.com/blogs/1-think-tank/post/30282-cybersecurity-risks-in-supply-chain-management
• https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/briefings/Workshop-Brief-on-Cyber-Supply-Chain-Best-Practices.pdf
• https://www.researchgate.net/publication/327142143_Towards_a_Reliable_and_Accountable_Cyber_Supply_Chain_in_Energy_Delivery_System_Using_Blockchain
USE CASE: e-procurement site security
Introduction: Internet-enabled procurement means transactions take place in the public domain. The e-procurement process involves data sharing and communication, and is competitive, so the security of such a system is of paramount importance.
e-procurement: authentication
Various security tools for authentication
e-procurement: application security
Authentication Requirement
• Any purchasing system must support authentication of users so that individual transactions can be traced back to the relevant person.
Solution
Guidance and recommended practices
• User name and password is not enough
• Digital Signature (issued by a licensed CA)
• Digital Signature Certificate
• Personal Identification Number (PIN) or biometric
• Control of technical vulnerabilities (Firewalls)
• Network authentication
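One way to meet the traceability requirement above with digital signatures, shown as an added example that is not part of the original slides. The user registry, function names and sample purchase order are hypothetical, and a bare Ed25519 public key stands in for a Digital Signature Certificate issued by a licensed CA.

```javascript
// Added illustration; all names and sample data are hypothetical/constructed.
const crypto = require('crypto');

// userId -> public key. Assumption: a real system would take this key from the
// user's Digital Signature Certificate after validating its chain to a
// licensed CA and checking revocation.
const registry = new Map();

function enrollUser(userId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.set(userId, publicKey);
  return privateKey; // held only by the user, e.g. on a PIN-protected token
}

// Serialize with sorted keys so signer and verifier sign identical bytes.
// (Flat objects only; nested fields would need a full canonical encoder.)
function canonical(tx) {
  return Buffer.from(JSON.stringify(tx, Object.keys(tx).sort()), 'utf8');
}

// The signer id is part of the signed bytes, so it cannot be swapped later.
function signTransaction(tx, userId, privateKey) {
  const signedTx = { ...tx, signer: userId };
  const signature = crypto.sign(null, canonical(signedTx), privateKey);
  return { tx: signedTx, signature: signature.toString('base64') };
}

function verifyTransaction({ tx, signature }) {
  const publicKey = registry.get(tx.signer);
  if (!publicKey) return { ok: false, reason: 'unknown signer' };
  const sig = Buffer.from(signature, 'base64');
  return crypto.verify(null, canonical(tx), publicKey, sig)
    ? { ok: true, signer: tx.signer }
    : { ok: false, reason: 'bad signature' };
}

// Constructed purchase order: accepted as signed, rejected once altered.
const demoKey = enrollUser('buyer-01');
const order = signTransaction({ po: 'PO-0001', amount: 1200 }, 'buyer-01', demoKey);
console.log(verifyTransaction(order));
console.log(verifyTransaction({ ...order, tx: { ...order.tx, amount: 9200 } }));
```

Unlike a user name and password checked once at login, the signature binds each individual transaction to the key holder, so a record altered or re-attributed after signing fails verification.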
e-procurement: data security
Problem
There are many ways a supply chain breach could occur. For example:
• A software manufacturer could be breached via malware that modifies source code that is then distributed to enterprises that use the software.
• Another common compromise vector might be the theft of a vendor’s credentials that grant remote access to an enterprise the vendor works with, leading to infiltration of the enterprise network from an already trusted source (the vendor network).