Johnson, C. W. (2016) You Outsource the Service but Not the Risk: Supply Chain Risk Management for the Cyber Security of Safety Critical Systems. In: 34th International System Safety Conference, Orlanda, FL, USA, 8-12 Aug 2016,
|
Text
130825.pdf - Accepted Version 474kB |
Publisher's URL: http://www.dcs.gla.ac.uk/~johnson/papers/ISSC16/supply.pdf
Abstract
Companies increasingly form interdependent relationships between contractors and sub-contractors that extend across national borders and legal jurisdictions. In consequence, supply chain risk management (SCRM) is an increasing concern for the cyber security of safety-critical systems. The following pages argue that outsourcing undermines SCRM by eroding technical expertise, which companies need to select and audit their suppliers. They are still held accountable when the failure of a sub-contractor jeopardizes the continuity of critical national infrastructures. Subsequent sections present SCRM techniques that support the cyber-security of safety-critical applications and at the same time help to realize the benefits of vertical market integration. Rather than de-risking, the aim of the paper is to reiterate that ‘safety-critical organizations outsource the service but they do not outsource the risk’.
Item Type: | Conference Proceedings |
---|---|
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Johnson, Professor Chris |
Authors: | Johnson, C. W. |
College/School: | College of Science and Engineering > School of Computing Science |
Copyright Holders: | Copyright © 2016 The Authors |
Publisher Policy: | Reproduced with the permission of the authors. |
Related URLs: |
University Staff: Request a correction | Enlighten Editors: Update this record