Title: Towards Assessing Cybersecurity Posture of Manufacturing Companies: Review and Recommendations
With the continued changes in the way businesses work, cyber-attack targets are in a constant state of flux between organizations, individuals, and various aspects of the supply chain of interconnected goods and services. As one of the 16 critical infrastructure sectors, the manufacturing sector is known for complex integrated Information Systems (ISs) that are incorporated heavily into production operations. Many of these ISs are procured and supported by third parties, also referred to as interconnected entities in the supply chain. Disruptions to manufacturing companies would not only cause significant financial losses but would also have economic and safety impacts on society. Vulnerabilities in one interconnected company create inherited exposures in the other companies connected to it. Cybersecurity practices need to be further enhanced to understand supply chain cybersecurity posture and manage the risks from lower-tier interconnected entities up to the top-level dependent organization. This paper provides an overview of the Theory of Cybersecurity Footprint to emphasize the relationship among interconnected entities and the cybersecurity effects one organization can have on another regardless of size. It also provides a literature review on the manufacturing industry with a recommendation for future developmental research using the Delphi method with a panel of experts to develop an index that measures cybersecurity posture based on interconnected entities from lower tiers and to establish index weights specifically for the manufacturing industry.
Award ID(s):
2219435
PAR ID:
10565986
Publisher / Repository:
Digital Commons at Kennesaw State University
Sponsoring Org:
National Science Foundation
More Like this
  1. Modern 5G systems are not standalone systems that come from a single vendor or supplier. In fact, they comprise an integration of complex software, hardware, and cloud services that are developed by specialist entities. Moreover, these components have a supply chain that may have linkages and relationships between different vendors. A mobile network operator relies on the functionality and integrity of all the constituent components and their suppliers to ensure the communication network's confidentiality, integrity, and availability. While the operator can employ cybersecurity best practices itself, it does not have control over the cybersecurity practices of its immediate vendors and the wider supply chain. Recently, attackers have exploited cyber vulnerabilities in the supplier network to launch large-scale breaches and attacks. Hence, the supply chain becomes a weak link in the overall cybersecurity of the 5G system, and it is becoming crucial for operators to understand the cyber risk to their infrastructure, with a particular emphasis on the supply chain risk. In this paper, we systematically break down and analyze the 5G network architecture and its complex supply chains. We present an overview of the key challenges in the cybersecurity of 5G supply chains and propose a systemic cyber risk assessment methodology to help illuminate the risk sources and use it to manage and mitigate the risk. It will guide stakeholders in establishing a secure and resilient 5G network ecosystem, safeguarding the backbone of modern digital infrastructure against potential cybersecurity threats.
  2. Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds and log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. On February 22, 2023, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 17 practitioners from 15 companies. The goal of the Summit was to enable sharing between industry practitioners having practical experiences and challenges with software supply chain security and to help form new collaborations. We conducted six panel discussions based upon open-ended questions regarding software bills of materials (SBOMs), malicious commits, choosing new dependencies, build and deploy, Executive Order 14028, and vulnerable dependencies. The open discussions enabled mutual sharing and shed light on common challenges that industry practitioners with practical experience face when securing their software supply chain. In this paper, we provide a summary of the Summit.
  3. There are two strategic and longstanding questions about cyber risk that organizations largely have been unable to answer: What is an organization's estimated risk exposure, and how does its security compare with peers? Answering both requires industry-wide data on security posture, incidents, and losses that, until recently, have been too sensitive for organizations to share. Now, privacy enhancing technologies (PETs) such as cryptographic computing can enable the secure computation of aggregate cyber risk metrics from a peer group of organizations while leaving sensitive input data undisclosed. As these new aggregate data become available, analysts need ways to integrate them into cyber risk models that can produce more reliable risk assessments and allow comparison to a peer group. This paper proposes a new framework for benchmarking cyber posture against peers and estimating cyber risk within specific economic sectors using the new variables emerging from secure computations. We introduce a new top-line variable called the Defense Gap Index, representing the weighted security gap between an organization and its peers, that can be used to forecast an organization's own security risk based on historical industry data. We apply this approach in a specific sector using data collected from 25 large firms, in partnership with an industry ISAO, to build an industry risk model and provide tools back to participants to estimate their own risk exposure and privately compare their security posture with their peers.
  4. Over the last few decades, globalization has weakened the US manufacturing sector. The COVID-19 pandemic revealed import dependencies and supply chain shocks that have raised public and private awareness of the need to rebuild domestic production. A range of new technologies, collectively called Industry 4.0, create opportunities to revolutionize domestic and local manufacturing. Success depends on further refinement of those technologies, broad implementation throughout private companies, and concerted efforts to rebuild the industrial commons: the national ecosystem of producers, suppliers, service providers, educators, and workforce necessary to regain a competitive, innovative manufacturing sector. A recent workshop sponsored by the Engineering Research Visioning Alliance (ERVA) identified a range of challenges and opportunities to build a resilient, flexible, scalable, and high-quality manufacturing sector. This paper provides a strategic roadmap for regaining US manufacturing leadership by briefly summarizing discussions at the ERVA-sponsored workshop held in 2023 and providing additional analysis of key technical and economic issues that must be addressed to achieve dynamic, high-value manufacturing in the USA. The focus of this presentation is on discrete manufacturing of structural components, a large subset of total manufacturing that produces high-value inputs and finished products for domestic consumption and export.
  5. Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds and log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. On June 7, 2023, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 17 practitioners from 13 government agencies. The goal of the Summit was two-fold: (1) to share our observations from our previous two summits with industry, and (2) to enable sharing between individuals at the government agencies regarding practical experiences and challenges with software supply chain security. For each discussion topic, we presented our observations and take-aways from the industry summits to spur conversation. We specifically focused on Executive Order 14028, software bills of materials (SBOMs), choosing new dependencies, provenance and self-attestation, and large language models. The open discussions enabled mutual sharing and shed light on common challenges that government agencies see as impacting government and industry practitioners when securing their software supply chain. In this paper, we provide a summary of the Summit.