Discovering Attack Paths on Supply Chains Services

Maggioli Spa (MAG) in collaboration with Focal Point sprl (FP) and Hyperborea Srl (HYPER) is currently investigating, in the context of the CYRENE EU H2020 project, potential cyber attack paths on interconnected Critical Infrastructures (CIs) which operate for the provision of supply chain services. An attack path is performed when an adversary successfully exploits gradually a sequence of vulnerabilities (vulnerability chains) identified upon a number of interconnected assets of interdependent IT infrastructures aiming to infiltrate into critical systems of a supply chain service (SCS) and cause damage to them. In this manner, they may sabotage the normal operations of the services by taking advantage of them to conduct malicious actions or cause a data leak. This could considerably harm organizations involved that could even distort the entire supply chain service performance leading to serious consequences, such as financial loss or compromise of people’s privacy from data exposure.

Malevolent actors threaten to compromise interconnected Critical Infrastructures of supply chains by executing a series of attack paths.

To be able to tackle such events and improve the level of security on CIs, the technical aspects of attacks and adversaries’ behavior need to be highly analysed. In the frame of the CYRENE’s Risk and Conformity Assessment working procedures to promote a solution that evaluates the security, resilience, and reliability of SCS infrastructures, MAG along with FP and HYPER has delved into relevant and complex attack scenarios and developed an approach that measures the cascading effects on these infrastructures in view of an attack path implementation. As the next step, MAG is currently working on deploying an attack behavior simulation environment that will utilize the produced metrics to recognize attack patterns and provide forecasting capabilities related to attacks on SCS infrastructures. Through this environment, supply chain end-users will be allowed to experiment with different attack scenarios and review the results and the impact on their assets which are used for the SCS execution.

An attack graph discovery experience is loading . . . stay tuned!

So what do you think? Would your organization use the CYRENE Solution? Reach out to us and share your views either by using our contact form or by following our social media accounts on Twitter and LinkedIn.

Don’t forget to subscribe to our Newsletter for regular updates!

This blog is signed by: the MAG team

KEY FACTS

Project Coordinator: Sofoklis Efremidis
Institution: Maggioli SPA
Email: info{at}cyrene.eu
Start: 1-10-2020
Duration: 36 months
Participating organisations: 14
Number of countries: 10

TWEETS by

FUNDING

EU flagThis project has received funding from the European Union’s Horizon 2020 Research and Innovation program under grant agreement No 952690. The website reflects only the view of the author(s) and the Commission is not responsible for any use that may be made of the information it contains.