Next Article in Journal
A Cache Placement Strategy with Energy Consumption Optimization in Information-Centric Networking
Next Article in Special Issue
Gamification vs. Privacy: Identifying and Analysing the Major Concerns
Previous Article in Journal
Modeling of Information Operations Effects: Technological Systems Example
Previous Article in Special Issue
IoH: A Platform for the Intelligence of Home with a Context Awareness and Ambient Intelligence Approach
Article Menu
Issue 3 (March) cover image

Export Article

Open AccessFeature PaperArticle

Cyber Security Threat Modeling for Supply Chain Organizational Environments

School of Architecture Computing & Engineering, University of East London, London E16 2RD, UK
Author to whom correspondence should be addressed.
Future Internet 2019, 11(3), 63;
Received: 26 December 2018 / Revised: 14 February 2019 / Accepted: 21 February 2019 / Published: 5 March 2019
(This article belongs to the Special Issue 10th Anniversary Feature Papers)
PDF [1702 KB, uploaded 5 March 2019]


Cyber security in a supply chain (SC) provides an organization the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization. View Full-Text
Keywords: cyber supply chain; cyber security; attack modeling; smart grid; threat intelligence; threat actor cyber supply chain; cyber security; attack modeling; smart grid; threat intelligence; threat actor

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Yeboah-Ofori, A.; Islam, S. Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet 2019, 11, 63.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics



[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top