TY - JOUR
T1 - Building Cyber-Resilience into Supply Chains
JF - Technology Innovation Management Review
Y1 - 2015
A1 - Adrian Davis
KW - cyber-resilience
KW - cybersecurity
KW - direct suppliers
KW - indirect suppliers
KW - information-centric approach
KW - procurement
KW - requirements
KW - resilience
KW - supply chain
KW - Tier 1 suppliers
AB - The article discusses how an organization can adopt an information-centric approach to protect its information shared in one or more supply chains; clearly communicate the expectations it has for a direct (Tier 1) supplier to protect information; and use contracts and measurement to maintain the protection desired. Building on this foundation, the concept of resilience – and that of cyber-resilience – is discussed, and how an information-centric approach can assist in creating a more cyber-resilient supply chain. Finally, the article concludes with five steps an organization can take to improve the protection of its information: i) map the supply chain; ii) build capability; iii) share information and expertise; iv) state requirements across the supply chain using standards, common frameworks, and languages; and v) measure, assess, and audit.
PB - Talent First Network
CY - Ottawa
VL - 5
UR - http://timreview.ca/article/887
IS - 4
U1 - (ISC)2 Adrian Davis, PhD, MBA, FBCS CITP, CISSP, heads the Europe, Middle East, and Africa (EMEA) team for (ISC)2, the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. His role is to deliver the (ISC)2 vision of inspiring a safe and secure cyber-world and its mission of supporting and providing members and constituents with credentials, resources, and leadership to secure information and deliver value to society. Before working for (ISC)2, Adrian delivered practical business solutions to over 360 blue-chip multinational clients for the Information Security Forum.
His expertise included: managing information security in supply chains; information security governance and effectiveness; the relationship between information security and business continuity; and possible near-term threats to organizations. Adrian regularly attends and chairs conferences and contributes articles for the press. He also contributed to the development of ISO/IEC 27014: Governance of Information Security and currently acts as a co-editor for ISO/IEC 27036 Information Security in Supplier Relationships, Part 4: Guidelines for Security of Cloud Services.
ER -

TY - JOUR
T1 - Challenges in Maritime Cyber-Resilience
JF - Technology Innovation Management Review
Y1 - 2015
A1 - Lars Jensen
KW - container
KW - cyber-resilience
KW - cyber-risk
KW - CyberKeel
KW - cybersecurity
KW - maritime
KW - terminal
KW - vessel
AB - The maritime industry has been shown to be under increasing levels of cyber-attack, with future attacks having the potential to severely disrupt critical infrastructure. The industry lacks a standardized approach to cybersecurity, a national approach will be counterproductive, and a global mandatory standard, while needed, will take a long time to implement. In the shorter term, this article recommends that the industry coalesce around a set of voluntary guidelines in order to reduce the risk profile and increase resilience. To provide context for these recommendations, this article examines the specific characteristics of the maritime industry in relation to cybersecurity. Examples of existing vulnerabilities and reported cyber-attacks demonstrate that the threat is current and real.
PB - Talent First Network
CY - Ottawa
VL - 5
UR - http://timreview.ca/article/889
IS - 4
U1 - CyberKeel Lars Jensen is CEO and Co-Founder of CyberKeel, an international maritime cybersecurity company based in Copenhagen, Denmark.
He is a recognized global expert in container shipping markets, having initially worked for Maersk Line, where he was responsible for global intelligence and analysis as well as e-Commerce. In 2011, he founded SeaIntel Maritime Analysis, and he is currently the CEO of SeaIntel Consulting in addition to being CEO of CyberKeel. He holds a PhD in Theoretical Physics from the University of Copenhagen, and he has received strategy and leadership training from the London Business School and the Copenhagen Business School.
ER -

TY - JOUR
T1 - Cyber-Resilience: A Strategic Approach for Supply Chain Management
JF - Technology Innovation Management Review
Y1 - 2015
A1 - Luca Urciuoli
KW - cross-border trade
KW - cyber-resilience
KW - ICT
KW - IT
KW - risk management
KW - supply chain management
AB - Risk management and resilience strategies in supply chains have an important role in ensuring business continuity and reliability in a cost-efficient manner. Preventing or recovering from disruptions requires access and analysis of large amounts of data. Yet, given the multiple stakeholders, operations, and environmental contexts in which a global supply chain operates, managing risks and resilience becomes a challenging task. For this reason, information and communication technologies (ICT) are being developed to support managers with tailored tools and services to monitor disruptions, enhance instantaneous communication, and facilitate the quick recovery of supply chains. Hence, the objective of this article is to shed light on managerial strategies to improve the resilience of supply chains and thereby to point out how these could be automated by means of innovative ICT systems. In particular, this article concludes by warning about existing challenges to implementing such systems. If these challenges are not correctly addressed by managers, there is a major risk of further jeopardizing supply chains.
PB - Talent First Network
CY - Ottawa
VL - 5
UR - http://timreview.ca/article/886
IS - 4
U1 - Zaragoza Logistics Center Luca Urciuoli is an Associate Research Professor in the MIT International Logistics Program within the Zaragoza Logistics Center in Spain, where he teaches and performs research in supply chain network design, supply chain risk, and security management. He holds an MSc degree in Industrial Engineering from Chalmers University of Technology in Gothenburg, Sweden, and a Doctorate in Transportation Security from the Engineering University of Lund, Sweden. He has been working at the research unit of the Volvo group as a project manager developing on-board transport and telematics services. He also led the research of the Cross-border Research Association in Switzerland and collaborated in several FP7 research and consultancy projects, with a focus on topics such as e-Customs, trade facilitation, supply chain security, waste security, and postal security. He is also an editorial board member for the Journal of Transportation Security, and he has published his research in several scientific and practitioner journals. Contact: lurciuoli@zlc.edu.es
ER -

TY - JOUR
T1 - Cybersecurity and Cyber-Resilient Supply Chains
JF - Technology Innovation Management Review
Y1 - 2015
A1 - Hugh Boyes
KW - cyber-resilience
KW - cybersecurity
KW - risk management
KW - supply chain
KW - threat management
AB - There has been a rapid growth in the use of communications and information technology, whether embedded in products, used to deliver services, or employed to enable integration and automation of increasingly global supply chains. Increased use of information technology introduces a number of cybersecurity risks affecting cyber-resilience of the supply chain, both in terms of the product or service delivered to a customer and supply chain operation.
The situation is complicated by factors such as the global sourcing of technology components or software, ownership of the systems in a supply chain, different legal jurisdictions involved, and the extensive use of third parties to deliver critical functionality. This article examines the cyber-resilience issues related to the supply of products, services, and the supply chain infrastructure considering the nature of threats and vulnerabilities and the attributes of cybersecurity. In doing so, it applies a model for cybersecurity that is adapted from the Parkerian hexad to explore the security and trustworthiness facets of supply chain operations that may impact cyber-resilience.
PB - Talent First Network
CY - Ottawa
VL - 5
UR - http://timreview.ca/article/888
IS - 4
U1 - University of Warwick Hugh Boyes is a Principal Fellow at WMG at the University of Warwick, United Kingdom, where he focuses on cyber-resilience and the cybersecurity of cyber-physical systems. He is a Chartered Engineer, a Fellow of the IET and holds the CISSP credential issued by (ISC)2. Hugh is also the Cyber Security Lead at the Institution of Engineering and Technology (IET), where he focuses on developing cybersecurity skills initiatives for engineering and technology communities. This work is particularly focused on the design and operation of physical-cyber systems (e.g., industrial control systems, building automation systems). He has written two guidance documents for the Institution of Engineering and Technology (IET) on cybersecurity in the built environment, and with Alex Luck, is the joint technical author of a BSI publicly available specification (PAS) on security-minded building information modeling, digital built environments, and smart asset management.
ER -

TY - JOUR
T1 - Editorial: Cyber-Resilience in Supply Chains (April 2015)
JF - Technology Innovation Management Review
Y1 - 2015
A1 - Chris McPhee
A1 - Omera Khan
KW - cyber-attacks
KW - cyber-resilience
KW - cyber-risk
KW - cybersecurity
KW - resilience
KW - supply chains
PB - Talent First Network
CY - Ottawa
VL - 5
UR - http://timreview.ca/article/884
IS - 4
U1 - Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. He holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. Chris has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas.
U2 - Technical University of Denmark Omera Khan is a Full Professor of Operations Management at the Technical University of Denmark. She works with leading organizations on a range of supply chain and logistics issues and is advisor to many universities developing courses in logistics, supply chains, and operations management. She has led and conducted research projects commissioned by government agencies, research councils, and companies in supply chain resilience, responsiveness, sustainability, and the impact of product design on the supply chain. Her latest area of research focuses on cyber-risk and resilience in the supply chain. Omera is an advisor to many organizations and provides specialist consultancy in supply chain risk management. She is a highly acclaimed presenter and is regularly invited as a keynote speaker at global conferences and corporate events.
She has published her research in leading journals, contributed to several book chapters, and is lead author of Handbook for Supply Chain Risk Management: Case Studies, Effective Practices and Emerging Trends. She founded and was Chair of the Supply Chain Risk and Resilience Research Club and the Product Design and Supply Chain Special Interest Group. She has also been a visiting professor at a number of leading business schools.
ER -