3.8 Proceedings Paper

Integrating Zero Trust in the cyber supply chain security

Publisher

IEEE
DOI: 10.1109/WCNPS53648.2021.9626299

Keywords

Zero Trust; Cyber Supply Chain; Software Bill of Materials; SBOM; DevSecOps; Gap analysis

Funding

  1. Institutional Security Office of the Presidency of Brazil (GSI/PR)
  2. Brazilian Intelligence System (SisBIn)
  3. Brazilian Supreme Electoral Court (TSE)
  4. RedeGigaCandanga

Ask authors/readers for more resources

The use of a Zero Trust architecture in a cyber supply chain can enhance security by revising trust in all relationships and assuming the presence of internal threats. This study contributes to the improvement of cyber supply chain security by proposing security controls organization, providing a control checklist, and suggesting ways to visualize the results.
The cyber supply chain has been a target of sophisticated attacks. Vulnerabilities in components that were once considered secure due to perceived trusting relationships are being exploited. One way to reduce this type of cyber risk is through the use of a Zero Trust architecture. This type of approach revises trust in all relationships. It disregards the implicit trust in any component and is based on the premise of the existence of internal threats to the corporate network. The present work proposes to integrate a Zero Trust architecture in a cyber supply chain. The main contribution of this study is to propose an organization of security controls for a cyber supply chain in domains, enabling improvements in the security of the cyber supply chain by applying the principles of a Zero Trust architecture. The study also provides a checklist of controls that allows a gap analysis and suggests some ways of visualizing this result.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

3.8
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available