3,657 research outputs found

    Cyber Supply Chain Risks in Cloud Computing - Bridging the Risk Assessment Gap

    Cloud computing represents a significant paradigm shift in the delivery of information technology (IT) services. The rapid growth of the cloud and the increasing security concerns associated with the delivery of cloud services have led many researchers to study cloud risks and risk assessments. Some of these studies highlight the inability of current risk assessments to cope with the dynamic nature of the cloud, a gap we believe is a result of the lack of consideration for the inherent risk of the supply chain. This paper, therefore, describes the cloud supply chain and investigates the effect of supply chain transparency in conducting a comprehensive risk assessment. We conducted an industry survey to gauge stakeholder awareness of supply chain risks, seeking to find out the risk assessment methods commonly used, factors that hindered a comprehensive evaluation and how the current state-of-the-art can be improved. The analysis of the survey dataset showed the lack of flexibility of the popular qualitative assessment methods in coping with the risks associated with the dynamic supply chain of cloud services, typically made up of an average of eight suppliers. To address these gaps, we propose a Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by decision support analysis and supply chain mapping in the identification, analysis and evaluation of cloud risks.

    Navigating Secure Banking IT Landscapes: Insights for Solution Architects and Technical Leaders

    In "Navigating Secure Banking IT Landscapes: Insights for Solution Architects and Technical Leaders," the authors examine the evolving strategies and intricate problems associated with banking IT infrastructure security. The purpose of this research is to offer technical professionals and solution architects useful information about the critical need for better cybersecurity measures. Examining new technology, industry standards, and innovative approaches tailored to the banking IT landscape, the study integrates theoretical frameworks with practical implications. Abstract: The study aims to empower banking sector leaders to make informed decisions, enhance technological foundations, and proactively navigate the ever-changing terrain of safe banking IT and persistent cyber threats. Research concludes that proactive incident response planning, frequent audits and continual monitoring are steps that IT executives may take to guarantee the long-term financial viability of the banking business. The auditor performed a thorough job of detecting cybersecurity occurrences, differentiating between genuine and fraudulent payment gateways, and determining the false positive rate ratio by applying networking theory.

    Cloud adoption and cyber security in public organizations: an empirical investigation on Norwegian municipalities

    The public sector in Norway, particularly municipalities, is currently transforming through the adoption of cloud solutions. This multiple case study investigates cloud adoption and the security challenges that come along with it. The objective is to identify the security challenges that cloud solutions present and techniques or strategies that can be used to mitigate these security challenges. The Systematic Literature Review (SLR) provided valuable insights into the prevalent challenges and associated mitigation techniques in cloud adoption. The thesis also uses a qualitative approach using Semi-Structured Interviews (SSI) to gather insight into informants’ experiences regarding cloud adoption and its security challenges. The study’s empirical data is based on interviews with six different Norwegian municipalities, providing a unique and broad perspective. The analysis of the empirical findings, combined with the literature, reveals several security challenges and mitigation techniques in adopting cloud solutions. The security challenges encompass organizational, environmental, legal, and technical aspects of cloud adoption in the municipality. Based on the findings, it is recommended that Norwegian municipalities act on these issues to ensure a more secure transition to cloud solutions.

    Applications of Cyber Threat Intelligence (CTI) in Financial Institutions and Challenges in Its Adoption

    The critical nature of financial infrastructures makes them prime targets for cybercriminal activities, underscoring the need for robust security measures. This research delves into the role of Cyber Threat Intelligence (CTI) in bolstering the security framework of financial entities and identifies key challenges that could hinder its effective implementation. CTI brings a host of advantages to the financial sector, including real-time threat awareness, which enables institutions to proactively counteract cyber-attacks. It significantly aids in the efficiency of incident response teams by providing contextual data about attacks. Moreover, CTI is instrumental in strategic planning by providing insights into emerging threats and can assist institutions in maintaining compliance with regulatory frameworks such as GDPR and CCPA. Additional applications include enhancing fraud detection capabilities through data correlation, assessing and managing vendor risks, and allocating resources to confront the most pressing cyber threats. The adoption of CTI technologies is fraught with challenges. One major issue is data overload, as the vast quantity of information generated can overwhelm institutions and lead to alert fatigue. The issue of interoperability presents another significant challenge; disparate systems within the financial sector often use different data formats, complicating seamless CTI integration. Cost constraints may also inhibit the adoption of advanced CTI tools, particularly for smaller institutions. A lack of specialized skills necessary to interpret CTI data exacerbates the problem. The effectiveness of CTI is contingent on its accuracy, and false positives and negatives can have detrimental impacts. The rapidly evolving nature of cyber threats necessitates real-time updates, another hurdle for effective CTI implementation. Furthermore, the sharing of threat intelligence among entities, often competitors, is hampered by mistrust and regulatory complications. This research aims to provide a nuanced understanding of the applicability and limitations of CTI within the financial sector, urging institutions to approach its adoption with a thorough understanding of the associated challenges.

    Reinforcing Digital Trust for Cloud Manufacturing Through Data Provenance Using Ethereum Smart Contracts

    Cloud Manufacturing (CMfg) is an advanced manufacturing model that caters to fast-paced agile requirements (Putnik, 2012). For manufacturing complex products that require extensive resources, manufacturers explore advanced manufacturing techniques like CMfg as it becomes infeasible to achieve high standards through complete ownership of manufacturing artifacts (Kuan et al., 2011). CMfg, with other names such as Manufacturing as a Service (MaaS) and Cyber Manufacturing (NSF, 2020), addresses the shortcoming of traditional manufacturing by building a virtual cyber enterprise of geographically distributed entities that manufacture custom products through collaboration. With manufacturing venturing into cyberspace, Digital Trust issues concerning product quality, data, and intellectual property security, become significant concerns (R. Li et al., 2019). This study establishes a trust mechanism through data provenance for ensuring digital trust between various stakeholders involved in CMfg. A trust model with smart contracts built on the Ethereum blockchain implements data provenance in CMfg. The study covers three data provenance models using Ethereum smart contracts for establishing digital trust in CMfg. These are Product Provenance, Order Provenance, and Operational Provenance. The models of provenance together address the most important questions regarding CMfg: What goes into the product, who manufactures the product, who transports the products, under what conditions the products are manufactured, and whether regulatory constraints/requisites are met.

    The impact of Industry 4.0 implementation on supply chains

    Purpose: The study aims to analyse the impact of Industry 4.0 implementation on supply chains and develop an implementation framework by considering potential drivers and barriers for the Industry 4.0 paradigm. Design/methodology/approach: A critical literature review is performed to explore the key drivers and barriers for Industry 4.0 implementation under four business dimensions: strategic, organisational, technological and legal and ethical. A system dynamics model is later developed to understand the impact of Industry 4.0 implementation on supply chain parameters, by including both the identified driving forces and barriers for this technological transformation. The results of the simulation model are utilised to develop a conceptual model for a successful implementation and acceleration of Industry 4.0 in supply chains. Findings: Industry 4.0 is predicted to bring new challenges and opportunities for future supply chains. The study discussed several implementation challenges and proposed a framework for an effective adaption and transition of the Industry 4.0 concept into supply chains. Research limitations/implications: The results of the simulation model are utilised to develop a conceptual model for a successful implementation and acceleration of Industry 4.0 in supply chains. Practical implications: The study is expected to benefit supply chain managers in understanding the challenges for implementing Industry 4.0 in their network. Originality/value: Simulation analysis provides examination of Industry 4.0 adoption in terms of its impact on supply chain performance and allows incorporation of both the drivers and barriers of this technological transformation into the analysis. Besides providing an empirical basis for this relationship, a new conceptual framework is proposed for Industry 4.0 implementation in supply chains.

    Cyber risk assessment in cloud provider environments: Current models and future needs

    Traditional frameworks for risk assessment do not work well for cloud computing. While recent work has often focussed on the risks faced by firms adopting or selecting cloud services, there has been little research on how cloud providers might assess their own services. In this paper, we use an in-depth review of the extant literature to highlight the weaknesses of traditional risk assessment frameworks for this task. Using examples, we then describe a new risk assessment model (CSCCRA) and compare this against three established approaches. For each approach, we consider its goals, the risk assessment process, decisions, the scope of the assessment and the way in which risk is conceptualised. This evaluation points to the need for dynamic models specifically designed to evaluate cloud risk. Our suggestions for future research are aimed at improving the identification, assessment, and mitigation of inter-dependent cloud risks inherent in a defined supply chain

    Developing and Assessing a Workshop That Utilizes a Serious Game to Introduce Joint All-domain Operations

    The DoD has begun developing Joint All-Domain Operations (JADO) to prepare for the future of warfare. As complexity and technological capability increase, the U.S. military needs to adapt to provide a more lethal and capable force, able to compete and win against near-peer adversaries. This research describes the development of an Introduction to JADO Workshop designed to provide a structured primer into JADO concepts. The research also presents an extension of BSN in the form of BSN scenarios. These scenarios alter the rules to lessen the learning curve for the game and to engage with JADO concepts. This research proposed a format for a future JADO education course, refined the BSN tool to improve effectiveness, measurement of the response to JADO education, and an assessment of the workshop from JADO leaders across the Air Force.

    Protecting critical infrastructure in the EU: CEPS task force report

    Critical infrastructures such as energy, communications, banking, transportation, public government services, information technology etc., are more vital to industrialized economies and now than ever before. At the same time, these infrastructures are becoming increasingly dependent on each other, such that failure of one of them can often propagate and result in domino effects. The emerging challenge of Critical (information) Infrastructure Protection (C(I)IP) has been recognized by nearly all member states of the European Union: politicians are increasingly aware of the threats posed by radical political movements and terrorist attacks, as well as the need to develop better response capacity in case of natural disasters. Responses to these facts have been in line with the available resources and possibilities of each country, so that certain countries are already quite advanced in translating the C(I)IP challenge into measures, whereas others are lagging behind. In the international arena of this policy domain, Europe is still in search of a role to play. Recently, CIIP policy has been integrated in the EU Digital Agenda, which testifies to the growing importance of securing resilient infrastructures for the future. This important and most topical Task Force Report is the result of in-depth discussions between experts from different backgrounds and offers a number of observations and recommendations for a more effective and joined-up European policy response to the protection of critical infrastructure.
    Andrea Renda; Bernhard Haemmerli