Publications
Supply chain decision analytics: Application and case study for critical infrastructure security
Edwards, Nathan J.; Kao, Gio K.; Hamlet, Jason H.; Bailon, John; Liptak, Shane
Today's globalized supply chains are complex systems of systems characterized by a conglomeration of interconnected networks and dependencies. There is a constant supply and demand for materials and information exchange with many entities such as people, organizations, processes, services, products, and infrastructure at various levels of involvement. Fully comprehending supply chain risk (SCR) is a challenging problem, as attacks can be initiated at any point within the system lifecycle and can have detrimental effects to mission assurance. Counterfeit items, from individual components to entire systems, have been found in commercial and government systems. Cyber-attacks have been enabled by suppliers' lack of security. Furthermore, there have been recent trends to incorporate supply chain security to help defend against potential cyber-attacks, however, we find that traditional supply chain risk reduction and screening methods do not typically identify intrinsic vulnerabilities of realized systems. This paper presents the application of a supply chain decision analytics framework for assisting decision makers in performing risk-based cost-benefit prioritization of security investments to manage SCR. It also presents results from a case study along with discussions on data collection and pragmatic insight to supply chain security approaches. This case study considers application of the framework in analyzing the supply chain of a United States Government critical infrastructure construction project, clarifies gaps between supply chain analysis and technical vulnerability analysis, and illustrates how the framework can be used to identify supply chain threats and to suggest mitigations.