CYRENE aims to enhance the security, privacy, resilience, accountability and trustworthiness of SCs through the provision of a novel and dynamic CAP that evaluates the security and resilience of supply chain services, the interconnected IT infrastructures composing these services and the individual devices that support the operations of the SCs. In particular, the proposed Conformity Assessment Process will support, at different levels, SC security officers and operators in recognising, identifying, modelling and dynamically analysing cyber risks. Moreover, it will support forecasting, treatment and response to advanced persistent threats and handle daily cyber-security and privacy risks, incidents and data breaches.
In doing so, CYRENE’s conformity assessment process will support different types of assessment, including: (i) self-assessment, where organisations self-assess the security, resiliency and privacy of their supply chain; (ii) third-party assessment, where an independent party performs the assessment; and (iii) self-attestation, where the manufacturer or service provider makes a public statement.
Moreover, CYRENE aims to create certification schemes to support the security and resilience of SCs through the following schemes:
- Security Certification Scheme for Supply Chain (e.g. risk assessment tool and process);
- ICT Security Certification Scheme for ICT-based or ICT-interconnected Supply Chain;
- ICT Security Certification Scheme for SCs’ (e.g. Maritime, Transport or Manufacturing) IoT devices and ICT systems, which should differ from schemes for traditional IoT devices and systems in that more stress should be put on data protection and privacy issues.
As such, CYRENE establishes a new scientific foundation and a radical shift in assessing and reducing security risks and incidents, cascading effects of threats, and propagated vulnerabilities, addressing the complexity of the underlying interconnected CIIs, supply chain services, applications and cyber assets. In doing so, the project will bring together and advance the state of the art in various research fields, including security engineering (e.g. forecasting, detection and prevention of supply chain propagated vulnerabilities), supply chain certification and audit (e.g. conformity assessment and certification schemes) and privacy engineering (e.g. privacy assessment of SCs).