Cyber risks and supply chain effects
Cyber threats never target just one organisation. They threaten all companies, institutions, and processes that are digitally connected. We therefore focus on strengthening processes and supply chains through innovative research and technical solutions. In this way, we boost resilience to cyber threats.
Cyber security and supply chains
Many important processes in society – including a number of vital processes – are carried out through chains of organisations. Supply chain organisations ensure the protection of their own products and services – and thus protect part of the chain. However, the continuing threat to cyber security has no respect for organisational boundaries. An organisation may have its own internal cyber security in order, as well as security to protect its products and services. But that still isn’t enough to manage the cyber risk to the organisation, let alone to a process as a whole.
Cyber resilience in the supply chain
To manage cyber risk, we need to emphasise cyber resilience in the supply chain. Supply chain resilience to cyber threats concerns the ability of chains to:
- protect themselves against cyber threats
- recover from incidents
- constantly adapt to a changing threat landscape.
White paper: supply chain resilience to cyber threats
Is your organisation part of a chain and do you want to strengthen cyber security? Then download our white paper ‘Ketenweerbaarheid tegen cyberdreigingen’ (Supply chain resilience to cyber threats). This white paper provides you with background information, good examples, and a practical step-by-step plan for increasing supply chain cyber resilience.
Technological solutions for cyber risks
Technological solutions against cyber attacks provide a false sense of security if you don’t include the entire supply chain or organisation. There are other important factors involved, such as:
- the process side
- perspectives for action
- risk assessments
- understanding cyber security.
Processing cyber threat information
This specifically concerns the processing of threat information within the supply chain. It’s important to ensure there is clarity on this subject. For example:
- What are the protocols for this processing?
- What types of cyber security information are available?
- And what information does an organisation need?
- How and when does scaling up take place?
- What external suppliers or information does the organisation depend on?
Choosing the best follow-up actions
Cyber threat intelligence analysts who receive cyber security information often have to determine themselves whether a threat is potentially harmful. We’re researching and developing tools that will enable us to automate the processing of threat information, either partially or fully. This will enable us to choose the best follow-up actions in all cases.
Sharing information within supply chains
Departments or organisations that work together need to exchange information. Good protocols for this are often lacking. As a result, sensitive information may leak out of the chain through carelessness and fall into the wrong hands. In the cyber security domain, information sharing and cooperation within chains is often still underdeveloped. We have substantial knowledge about partnerships and how departments and organisations can share information with each other securely. We design processes to be safer and give organisations a framework for action.
Cyber security for SMEs
We’re exploring how to increase the resilience of SMEs through information sharing, and how the process of sharing information on cyber security between organisations can be shaped. What do we need for this purpose? We’re also developing techniques to make the exchange of information more secure. One example is differential privacy. With this technique, we add noise to data, which we can later remove.
National system of information hubs
The Dutch government has designated 9 top sectors. These are industries that form the backbone of the Dutch economy, the knowledge economy, and Dutch innovation. The level of digitalisation is high in these top sectors, which makes them vulnerable to cyber attacks. And this means that the Dutch economy as a whole is vulnerable. It’s important to share knowledge about possible threats and raise awareness. Cyber attacks are not only the responsibility of information security officers, but also of innovation managers and senior management. We therefore support the Dutch national government in building a nationwide system of information hubs to exchange knowledge about cyber security threats and solutions.
Predicting cyber attacks
If we want to spot developments in cyber threats in good time, we must actively monitor many different sources. It appears to be a challenge to make sound analyses and reliable predictions. This is due to:
- the speed of technological developments
- the international aspect
- the shifting threats.
Horizon scanning and cyber forecasting
Here, too, good information sharing plays a crucial role in managing the risks. What are the current threats? And which actors and factors influence the relevance of the threat? Methods for horizon scanning and cyber forecasting use the latest models by:
- combining different sources
- practising predicting
- receiving targeted feedback on reliability
- making more accurate predictions about future cyber attacks.
Freek Bomhof. Role: Senior Consultant
Freek Bomhof is a senior consultant in the Data Science group, focusing on responsible data sharing, mostly for the Safety & Security sector. He is one of the driving forces behind the National Innovation Center for Privacy Enhancing Technologies, and he is also a board member of the Big Data Value Association.
Richard Kerkdijk. Role: Senior Cyber Security Consultant
Richard Kerkdijk is a senior consultant in the cyber security field. His role involves strategic advisory work, security evaluations and benchmarking, and coordination of innovation projects in automated security. He has worked with, among others, telecommunications providers, financial institutions, the Dutch National Cyber Security Center and the Dutch Ministry of Defense, and is also a core member of the European Telecommunications ISAC.