BIECO - Building Trust in Ecosystems and Ecosystem Components (DIT.AD006.057)
Thematic area
Engineering, ICT and technologies for energy and transportation
Project area
CyberSecurity (DIT.AD006)Structure responsible for the research project
Institute of information science and technologies "Alessandro Faedo" (ISTI)
Project manager
EDA MARCHETTI
Phone number: +39 050 621 3467
Email: eda.marchetti@isti.cnr.it
Abstract
Nowadays most of the ICT solutions developed by companies require the integration or collaboration with other ICT components, which are typically developed by third parties. Even though this kind of procedures are key in order to maintain productivity and competitiveness, the fragmentation of the supply chain can pose a high risk regarding security, as in most of the cases there is no way to verify if these other solutions have vulnerabilities or if they have been built taking into account the best security practices. In order to deal with these issues, it is important that companies make a change on their mindset, assuming an "untrusted by default" position. According to a recent study only 29% of IT business know that their ecosystem partners are compliant and resilient with regard to security. However, cybersecurity attacks have a high economic impact and it is not enough to rely only on trust. ICT components need to be able to provide verificable guarantees regarding their security and privacy properties. It is also imperative to detect more accurately vulnerabilities from ICT components and understand how they can propagate over the supply chain and impact on ICT ecosystems.
Start date of activity
01/09/2020
Keywords
vulnerability management, resilience, auditing of complex systems, risk analysis, mitigation strategies, security certification harmonization
Last update: 06/10/2024