Development of A Capability Maturity Model for Cyber Security in IIoT Enabled Supply Chains

摘要

Many companies understand how their immediate suppliers and key customers access their information systems and handle their data, however they are often blind to how these immediate suppliers and key customers procure and transfer data, services and components with other companies down or up the supply chain. This means that the provenance and control of data, information and components cannot be guaranteed, introducing risk that is not understood and therefore not managed. The integrated cyber supply chain is an enlargement of the cyber-attack surface for the organisation adding to the risk and complexity of ensuring that the organisation is suitably protected. This paper identifies a process to develop situational awareness of the organisations cyber supply chain and the identification of metrics that identify key aspects of the connections with suppliers, to assist in the development of a model for organisations to assess their level of maturity with respect to cyber security of the supply chain.