Interorganizational cooperation in supply chain cybersecurity: a cross-industry study of the effectiveness of the UK implementation of the NIS Directive

Wallis, T. , Johnston, C. and Khamis, M. (2021) Interorganizational cooperation in supply chain cybersecurity: a cross-industry study of the effectiveness of the UK implementation of the NIS Directive. Information and Security: An International Journal, 48, pp. 36-68. (doi: 10.11610/isij.4812)

[img] Text
240966.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial.

836kB

Publisher's URL: https://doi.org/10.11610/isij.4812

Abstract

The transposition of the EU Directive on Network and Information Security (NIS) by EU Member States involved assigning a set of responsibilities to operators, regulators and policy makers within a national cybersecurity strategy, in order to improve cybersecurity levels across critical infrastructures. This research investigates the perspectives and experiences of organisations affected by the NIS Directive focussing on three different sectors (Energy, Water & Aviation). The authors evaluate the response of different actors to NIS interventions and their challenges in meeting their assigned responsibilities, in particular their ability to oversee supply chain cybersecurity. It proposes further support for partnerships and cooperation across organisations to increase the effectiveness of NIS implementation. Based on results from semi-structured interviews and observations of industry working groups, an approach to supply chain oversight to achieve a balance between control and cooperation is recommended, to improve cybersecurity within industry sectors and across critical national infrastructures. Although our initial focus has been on working mainly with UK stakeholders, we argue that our recommendations have a more general application beyond those countries directly affected by the Directive.

Item Type:Articles
Additional Information:This work was supported and funded by the Research Institute of Trustworthy Inter-connected Cyber-physical Systems (RITICS) and the UK NCSC.
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Khamis, Dr Mohamed and Wallis, Dr Tania
Authors: Wallis, T., Johnston, C., and Khamis, M.
College/School:College of Science and Engineering > School of Computing Science
Journal Name:Information and Security: An International Journal
Publisher:Procon Ltd.
ISSN:0861-5160
ISSN (Online):1314-2119
Published Online:08 May 2021
Copyright Holders:Copyright © 2021 Procon Ltd.
First Published:First published in Information and Security: An International Journal 48: 36-68
Publisher Policy:Reproduced under a Creative Commons License

University Staff: Request a correction | Enlighten Editors: Update this record