I-SCRAM: A Framework for IoT Supply Chain Risk Analysis and Mitigation Decisions

Supply chain security is becoming an important factor in security risk analysis for modern information and communication technology (ICT) systems. As Internet of Things (IoT) devices proliferate and get adopted into critical infrastructure, the role of suppliers in risk assessment becomes all the mo...


Bibliographic Details
Main Authors: Timothy Kieras, Junaid Farooq, Quanyan Zhu
Format: Article
Language: English
Published: IEEE 2021-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/9350583/
id doaj-241cfb1ea88e4e89a8e3ccd23ec0830c
record_format Article
spelling doaj-241cfb1ea88e4e89a8e3ccd23ec0830c 2021-03-30T15:23:28Z eng IEEE IEEE Access 2169-3536 2021-01-01 9 29827 29840 10.1109/ACCESS.2021.3058338 9350583
I-SCRAM: A Framework for IoT Supply Chain Risk Analysis and Mitigation Decisions
Timothy Kieras 0 https://orcid.org/0000-0001-9062-1529
Junaid Farooq 1 https://orcid.org/0000-0003-0618-9345
Quanyan Zhu 2
Department of Computer Science, Tandon School of Engineering, New York University, Brooklyn, NY, USA
Department of Electrical and Computer Engineering, University of Michigan-Dearborn, Dearborn, MI, USA
Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, Brooklyn, NY, USA
Supply chain security is becoming an important factor in security risk analysis for modern information and communication technology (ICT) systems. As Internet of Things (IoT) devices proliferate and get adopted into critical infrastructure, the role of suppliers in risk assessment becomes all the more significant. IoT security risks are affected by supplier trust since suppliers possess the capacity to modify black box systems without detection. The risks posed by potentially malicious or compromised suppliers are compounded by interdependence among suppliers. In this paper, we propose I-SCRAM, a framework to analyze supply chain risks in IoT systems and to support risk mitigating decisions. After defining an expanded system model that consists of interconnected components and a hierarchy of component vendors, we develop and propose metrics to quantify systemic risks. Finally, we present a decision framework that helps in selection of vendors to mitigate supply chain risk. Through a case study and simulation, we show that I-SCRAM successfully minimizes system risk as higher budget and more reliable component sources become available, while allowing flexibility in prioritizing sources of risk.
https://ieeexplore.ieee.org/document/9350583/
Attack tree
supply chain risk management
Internet of things
Birnbaum structural importance
component importance
risk mitigation
collection DOAJ
language English
format Article
sources DOAJ
author Timothy Kieras
Junaid Farooq
Quanyan Zhu
title I-SCRAM: A Framework for IoT Supply Chain Risk Analysis and Mitigation Decisions
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2021-01-01
description Supply chain security is becoming an important factor in security risk analysis for modern information and communication technology (ICT) systems. As Internet of Things (IoT) devices proliferate and get adopted into critical infrastructure, the role of suppliers in risk assessment becomes all the more significant. IoT security risks are affected by supplier trust since suppliers possess the capacity to modify black box systems without detection. The risks posed by potentially malicious or compromised suppliers are compounded by interdependence among suppliers. In this paper, we propose I-SCRAM, a framework to analyze supply chain risks in IoT systems and to support risk mitigating decisions. After defining an expanded system model that consists of interconnected components and a hierarchy of component vendors, we develop and propose metrics to quantify systemic risks. Finally, we present a decision framework that helps in selection of vendors to mitigate supply chain risk. Through a case study and simulation, we show that I-SCRAM successfully minimizes system risk as higher budget and more reliable component sources become available, while allowing flexibility in prioritizing sources of risk.
topic Attack tree
supply chain risk management
Internet of things
Birnbaum structural importance
component importance
risk mitigation
url https://ieeexplore.ieee.org/document/9350583/