Framework and methodology for supply chain lifecycle analytics
The various technologies presented herein relate to pertaining to identifying and mitigating risks and attacks on a supply chain. A computer-implemented representation of a supply chain is generated comprising nodes (locations) and edges (objects, information). Risk to attack and different attack vectors can be defined for the various nodes and edges, and further, based upon the risks and attacks, (difficulty, consequence) pairs can be determined. One or more mitigations can be generated to increase a difficulty of attack and/or reduce consequence of an attack. The one or more mitigations can be constrained, e.g., by cost, time, etc., to facilitate determination of how feasible a respective mitigation is to implement with regard to finances available, duration to implement, etc. A context-free grammar can be utilized to identify one or more attacks in the supply chain. Further, the risks can undergo a ranking to enable mitigation priority to be determined.
- Research Organization:
- Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC04-94AL85000
- Assignee:
- National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)
- Patent Number(s):
- 9,992,219
- Application Number:
- 14/940,005
- OSTI ID:
- 1455194
- Country of Publication:
- United States
- Language:
- English
Similar Records
Deconstructing the Nuclear Supply Chain Cyber-Attack Surface
Towards a New Supply Chain Cybersecurity Risk Analysis Technique