Supply Chains

Cyber Resilience of Systems and Networks

Part of the book series: Risk, Systems and Decisions (RSD)

Abstract

Supply chains are among the most exposed and vulnerable components of any system. This chapter explores the resilience perspective of the supply chain for the ubiquitous electronic hardware embedded within modern cyber-physical systems. The chapter begins by identifying a set of factors that enable resilience. It also explains the nature of actors within the supply chain and discusses possible metrics for characterizing the cyber resilience of supply chains, as well as of broader systems in which a supply chain is a component. This chapter provides a review of the research on numerous emerging topics and lays the groundwork for future research efforts aimed at understanding the ways of quantifying, analyzing, and enhancing the cyber resilience of supply chains.

Acknowledgments

This effort was supported in part by National Science Foundation Grant 1541165 “CRISP Type 2: Collaborative Research: Resilience Analytics: A Data-Driven Approach for Enhanced Interdependent Network Resilience” at University of Virginia. The authors are grateful for the comments of Mr. Thomas L. Polmateer, Logistics Systems Data Analyst, University of Virginia, and Commonwealth Center for Advanced Logistics Systems (CCALS). The authors are grateful for support of Mr. Mark C. Manasco, Executive Director of the CCALS. Some of the authors are engaged with the CCALS in a multi-year contract for systems modeling and risk management for the Port of Virginia, USA, which had the first automated freight container port in the Western Hemisphere.

Corresponding author

Correspondence to James H. Lambert.

Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

About this chapter

Cite this chapter

Collier, Z.A., Hassler, M.L., Lambert, J.H., DiMase, D., Linkov, I. (2019). Supply Chains. In: Kott, A., Linkov, I. (eds) Cyber Resilience of Systems and Networks. Risk, Systems and Decisions. Springer, Cham. https://doi.org/10.1007/978-3-319-77492-3_19

  • DOI: https://doi.org/10.1007/978-3-319-77492-3_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-77491-6

  • Online ISBN: 978-3-319-77492-3

  • eBook Packages: Engineering, Engineering (R0)
