Supply chain security has become a growing concern in the security risk analysis of Internet of Things (IoT) systems. Their highly connected structure has significantly enlarged the attack surface, making it difficult to trace a risk back to the malicious or compromised supplier that introduced it. This chapter presents a system-scientific framework for studying accountability in IoT supply chains and provides a holistic risk analysis from both technological and socio-economic perspectives. We develop stylized models and quantitative approaches to evaluate the accountability of suppliers. Two case studies illustrate accountability measures for scenarios with a single agent and with multiple agents. Finally, we present contract design and cyber insurance as economic solutions for mitigating supply chain risks. These are incentive-compatible mechanisms: they encourage truth-telling by the supplier and enable a reliable accountability investigation by the buyer.