Presentation CISCO

Managing cyber-risk and security in the
global supply chain:
A systems analysis approach to risk, structure and behavior
Daniel A. Sepúlveda Estay

PhD Thesis
Main Supervisor: Prof. Jesper Larsen, PhD

Co-Supervisor: Prof. Omera Khan, PhD
2018
Kongens Lyngby, Denmark
Daniel Sepulveda, PhD.
• Researcher in Management Engineering Department at DTU.
• Mechanical enginering undergraduate
• MSc., in Industrial Engineering from Universidad Catolica de Chile
• MSc., in Management Science esp. System Dynamics, Quantitative
Analysis and Real options, from MIT, USA.
• PhD in Management Science, DTU
• Experience in Supply Chain Management for over 12 years

• Industrial supply chain positions (both operational and strategic)
• Experience in multinational companies in 5 continents (e.g.,
BHPBilliton, The Coca-Cola Company)
• Managment of budgets of up to US$900 million
• Negotiation of contracts of up to US$190 million
• Lean Manufacturing Implementations, DWT,ISO, OHSAS, SCOR
PhD Thesis: Managing cyber-risk and security in the global supply chain: Jan 8th, 2019
A systems approach to risk, structure and behavior.
Slide 3 PhD Thesis: Managing cyber-risk and security in the global supply chain: Jan 8th, 2019
Outline
 Introduction
 Thesis description
 Methodology
 Results
 Implications to theory, academia and industry
 Conclusions and future work
Cyber-attack
•“…offensive maneuver that targets computer

information systems to either steal, alter, or
destroy…”
Crawford, G.A., 1991. Information warefare: new roles for information systems in military operations
= IT
The dawn of the Stuxnet (2010)
Symptoms:
•Higher than usual equipment

damage due to high rotation
speeds
•Control systems showed

nothing was wrong
•Damages result in equipment

replacement
What Went wrong
Control
System
(SCADA)
Velocity Sensor
Control
Cyber
attacker
Centrifuge
Rotation
Speed
Cyber-Physical Interaction
Accident
Hacker
Increasing problem
Data Types in a supply chain Variety versus Velocity/Volume

Cybersecurity Breaches (2004-2013)
Average Cybersecurity Insurance Gross Premium
Rozados, I.V. and Tjahjono, B., 2014. Big data analytics in supply chain management: Trends and
related research. In 6th International Conference on Operations and Supply Chain Management.
Rozados, I.V. and Tjahjono, B., 2014. Big data analytics in supply chain management: Trends and
related research. In 6th International Conference on Operations and Supply Chain Management.
Research question
Before Cyber-event
RQ: How can cybersecurity and cyber-

resilience be managed in the global
After Cyber-event
supply chain?
Research Questions
Research Questions
Literature Review
Proposed Methodology:
Supply Chain 1. Use a Structured
(SCM) Literature Review
2. Combined search of
Risk & three domains
Supply chain Resilience
cyber Risk & 3. Framework of
Resilience (R&RM) Systems thinking
4. Identification of
Gaps
Information
Technology (ITM)
Literature Review
Descriptive Analysis
Answer to RSQ 1
RSQ1: What are the supply
chain cyber resilience
 Resilient architecture
frameworks published in
 Robust and resilient control
literature?
 Four domains of cyber resilience
 Focal Concentric  Plan absorb recover adapt cycle
 Macroeconomic Evaluation  Autonomous reconstitution
 Systems Description  Attack graphs

 Multi-network
Descriptive
 Information-centric approach
16%
 5-layer networked architecture
Events  WAMPAC
Structure Normative
Quantitative 72%
12% Patterns
 Time to compromise
 Resource exhaustion
Papers in Sample:
 Epidemiological System Dynamics  SCM – Descriptive: 50%
 IT – Quantitative: 60%
Gaps
from SLR
Concept Gaps from SLR

Long reporting cycle of incidents
Unreliable reporting of incidents
The cyber-risks being managed
Underreporting of incidents
Mechanisms of action from cyber attack to operational disruption
Compartmentalization
Static frameworks
The methods being used
Historical frameworks
Suitability of methods
The people using the methods Knowledge Gap
Research Questions
RSQ3: Sequence of Enquiry
RSQ3: How do cyber risks cause operational disruption

in supply chains, and how does this differ from other
supply chain risks?
1. Exploratory: What cyber-events with
operational disruption have been 1. Literature Review
recorded 2. Search beyond
Scientific Literature
2. Descriptive: How have these cyber- 3. Identify structures
events resulted in Operational that lead to behavior
Disruption
4. Compare to other
SC risks
3. Evaluative: How do these cyber-events
differ from other SC risks?
RSQ3: Results
RSQ3.2: Analysis
Operational disruption Hacker
group Disruption type protagonism Approach SC influence
Group 1 Theft of assets/resources Active Targeted Downstream
Group 2 Theft of assets/resources Passive Non-targeted Upstream
Group 3 Theft of Product Active Targeted Downstream
Group 4 Interruption of operations Active Targeted Downstream
Group 5 Interruption of operations Passive Non-targeted Upstream
Disruption from:
• Group 1: Active theft of assets

Resources/Assets
• Group 2: Passive theft of assets
• Group 3: Active product theft Product
• Group 4: Active interruption of operations

Operations
• Group 5: Passive interruption of operations
Example 1:
Active Theft of Resources
Hacker Customer
Payment Balance
Instruction Information
Payment
Instruction
Tesco
Bank
Product or
service
delivery
Product or Payment
service
delivery
Supplier
Example 2:
Passive Theft of Resources
Leoni AG
Hacker CEO
Payment
Payment Instruction
Instruction
CFO Warehouse
Payment Payment
Order Confirmation
Payment
Bank Product
Delivery
Payment
Supplier
Cyber vs. Non cyber risks
Latency
Non-cyber-related
Dimensions
Cyber-risks to operations operational risks
Low (Industrial Fire) to

High latency, sometimes
Physical Latency medium (Supplier financial
Anonymity years (e.g., Stuxnet)
Location stress)
Physical Can affect multiple

Localized
Location locations (e.g., Wannacry)
Operational Can affect many systems

uniqueness Complexity Limited complexity
simultaneously
of Cyber
risks to SC
Component vs Replication Perfect replication No replication
Complexity
Interaction
Perpetual until counter- No replication. can be

Perpetuity action; unless programmed perpetual (e.g., supplier
to end financial stress)
Component
versus Component risk (e.g., supplier,
Interaction risks
Interaction infrastructure, cargo)
Perpetuity Replication
risks
Anonymous unless explicit Known perpetrator, traceable

Anonymity
hacker declaration if not originally known
Research Questions
RSQ4: Systemic dynamics analysis
of cyber risk
RSQ4: How can a systems approach be used to
mitigate compartmentalization, static frameworks
SLR Gaps and historical dependence for managing cyber risks
and resilience in the supply chain?
Risks Resilience
RSQ4.1a RSQ4.2
Systemic risk System Dynamics

analysis simulation
RSQ4.1b
Comparison to an
established risk
analysis method
RSQ4.1a.- How can a systemic risk analysis
RSQ4.1: Methodology
approach mitigate compartmentalization,
static frameworks and historical dependence
for managing cyber risks in the supply chain?
1. Case 1 Study
2. Based on STPA Systemic
Risk Analysis Method
3. Identify Unsafe Control
Actions
4. Identify Requirements
5. Compare to traditional
Risk Analysis Method
RSQ4.1: Methodology
Define the
System
Identify
Accidents
Identify
Hazards Identify
Requirements
Identify
Control
Actions
Identify
Unsafe
Control
Actions
Cyber-Risks
RQ4.1: Methodology
Hierarchical Control Diagram
Accidents
A1 Erroneous arrival of product
A2 Erroneous payment to supplier
A3 Product loss
A4 Product integrity compromised
A5 Payment Loss
A6 Reputational Loss
RQ4.1: Results
Symbol Name Number

ACC Accidents 6
HAZ Hazards 6 Definition: “Endogenous
CA Control Actions 27 exposure is the property of a
UCA Unsafe Control Actions 119 system of not fulfilling its
objective because of the
triggering, external or
internal, of an internal design
flaw”
CASE 2
STUDY DESCRIPTION
Scenario description
•Silicon Valley Company

–60000 employees
–12,2% operating margin
•Manufactures IoT devices
6 months before launch:
•Federal Agency informs breach to IP
•Theft of data to 15 of 30 product lines
–Projected Sales: 25% of total revenues for next 5
years
•Theft motives unclear
Scenario description
•Potential Implications
–Discovery and exploitation of Design flaws
–Implant of malicious code into new products
30 days after breach
•IT Blogger indicates the reverse-engineering of the
products.
•Alternatives could reach the market before the
intended product launch
RQ4.2: Results
1 3
1. Incident triage Phase

2. Incident management Phase
3. Recovery phase
RQ4.2: Results
 Reference Mode
Slide 34 PhD
PhDDefense: Managingcyber-risk
Thesis: Managing cyber-riskand
andsecurity
securityininthe
theglobal
globalsupply
supplychain:
chain: Jan 8th,2018
Feb20, 2019
RQ4.2: SD Model
Slide 35 PhD
andsecurity
securityininthe
theglobal
globalsupply
supplychain:
chain: Jan 8th,2018
Feb20, 2019
RQ4.2: Results
 Reference Mode
Slide 36 PhD
andsecurity
securityininthe
theglobal
globalsupply
supplychain:
chain: Jan 8th,2018
Feb20, 2019
Research Questions
Contributions to Theory
 Mechanisms that contribute an ”accident” (i.e. Cyber event)

 Use of ”Structural Theory of Accidents” in Supply Chains
 Based on systems approach to accident analysis (*)
 Theory of ”Endogenous exposure”
 Systemic Theory of Cyber-resilience
 Mechanisms that contribute to a resilient response

 Use of Systems Theory in SC
 Based on the System Dynamics approach to simulation
 Description of Cyber-risks wrt. other SC risks

 Evidence for the need of the use of resilience theory beyond Risk analysis
 Theory of Resilience based on endogenous nature of cyber-risks
 Shortcomings in the Case Study method

 e.g., Incomplete understanding of dynamics
(*)Leveson, N., 2004. A new accident model for engineering safer systems. Safety science, 42(4), pp.237-270.
Salmon, P.M., Cornelissen, M. and Trotter, M.J., 2012. Systems-based accident analysis methods: a comparison of Accimap, HFACS, and STAMP.
Safety science, 50(4), pp.1158-1170.
Contributions to Industry
Strategic
 Prepare your organization for response
 Cyber-risks are fundamentally different from other SC risks
 System Dynamics method for resilient design
 Systemic risk analysis method for endogenous exposure identification
and measurement
 Managers as organizational designers

 Beyond organizational executors
 Use of systems thinking tools
 Consider
 Flexibility Options
 Redundancy Options
 Response times
Current work
 Cyber-Ship project ”Cyber security in the shipping industry”

 Development of case studies with gathering of data
 Simulation of dynamic systems for policy formulation w.r.t cyber risks
 Dissemination of the Systemic risk approach

 System Dynamics in management engineering education
 Research work and publications about the endogenous exposure
approach to resilience design.
Thank you

Presentation CISCO

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Presentation CISCO

Caricato da

Copyright:

Formati disponibili

Managing cyber-risk and security in the

global supply chain:

A systems analysis approach to risk, structure and behavior

Daniel A. Sepúlveda Estay

Main Supervisor: Prof. Jesper Larsen, PhD

• Experience in Supply Chain Management for over 12 years

 Implications to theory, academia and industry

 Conclusions and future work

•“…offensive maneuver that targets computer

•Higher than usual equipment

•Control systems showed

•Damages result in equipment

Data Types in a supply chain Variety versus Velocity/Volume

RQ: How can cybersecurity and cyber-

 Focal Concentric  Plan absorb recover adapt cycle

 Macroeconomic Evaluation  Autonomous reconstitution

 Systems Description  Attack graphs

Concept Gaps from SLR

RSQ3: How do cyber risks cause operational disruption

• Group 1: Active theft of assets

• Group 3: Active product theft Product

• Group 4: Active interruption of operations

Low (Industrial Fire) to

Physical Can affect multiple

Operational Can affect many systems

Perpetual until counter- No replication. can be

Anonymous unless explicit Known perpetrator, traceable

Systemic risk System Dynamics

Hierarchical Control Diagram

Symbol Name Number

•Silicon Valley Company

1. Incident triage Phase

 Mechanisms that contribute an ”accident” (i.e. Cyber event)

 Mechanisms that contribute to a resilient response

 Description of Cyber-risks wrt. other SC risks

 Shortcomings in the Case Study method

 Managers as organizational designers

 Cyber-Ship project ”Cyber security in the shipping industry”

 Dissemination of the Systemic risk approach

Potrebbero piacerti anche