Document Type : Review Paper
Authors
1 Canadian Institute for Cybersecurity, University of New Brunswick
2 Huawei Ottawa Research & Development Centre
3 ADGA Group Consultants Inc., Ottawa, Canada
4 Canadian Institute for Cybersecurity, University of New Brunswick, Fredericton, Canada
Abstract
Keywords
Abrams, L. (2021a). Chemical distributor pays $4.4 million to DarkSide ransomware. https://www.bleepingcomputer.com/news/security/chemical-distributor-pays44-million-to-darkside-ransomware/.
Abrams, L. (2021b). Kia Motors America suffers ransomware attack, $20 million ransom. https://www.bleepingcomputer.com/news/security/kia-motors-americasuffers-ransomware-attack-20-million-ransom/.
Adnan, S. M., Hamdan, A., & Alareeni, B. (2021). Artificial intelligence for public sector: Chatbots as a customer service representative. In The Importance of New Technologies and Entrepreneurship in Business Development: In The Context of Economic Diversity in Developing Countries (pp. 164–73). Springer International Publishing.
Alkhader, W., Salah, K., Sleptchenko, A., Jayaraman, R., Yaqoob, I., & Omar, M. (2021). Blockchain-based decentralized digital manufacturing and supply for COVID-19 medical devices and supplies. IEEE Access, 9, 137923–4.
Alshurideha, M. T., Alquqac, E. K., Alzoubid, H. M., AlKurdie, B., & AlHamad, A. (2023). The impact of cyber resilience and robustness on supply chain performance: Evidence from the uae chemical industry. Uncertain Supply Chain Management, 11.
Alzahrani, N., & Bulusu, N. (2018). Block-supply chain: A new anti-counterfeiting supply chain using NFC and Blockchain. Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems.
Andoni, M., Robu, V., Flynn, D., Abram, S., Geach, D., Jenkins, D., McCallum, P., & Peacock, A. (2019). Blockchain technology in the energy sector: A systematic review of challenges and opportunities. Renewable and Sustainable Energy Reviews, 100, 143–74.
Aniello, L., Halak, B., Chai, P., Dhall, R., Mihalea, M., & Wilczynski, A. (2019). Towards a supply chain management system for counterfeit mitigation using Blockchain and PUF.
Arooj, A., Farooq, M. S., & Umer, T. (2022). Unfolding the blockchain era: Timeline, evolution, types and real-world applications. Journal of Network and Computer Applications, (p. 103511).
Arora, M., & Gigras, Y. (2018). Importance of supply chain management in healthcare of third world countries. International Journal of Supply and Operations Management, 5.
Asante, M., Epiphaniou, G., Maple, C., Al-Khateeb, H., Bottarelli, M., & Ghafoor, K. Z. (2021). Distributed ledger technologies in supply chain security management: A comprehensive survey. IEEE Transactions on Engineering Management, (pp. 1–27).
Ashok, M., Madan, R., Joha, A., & Sivarajah, U. (2022). Ethical framework for artificial intelligence and digital technologies. International Journal of Information Management, 62, 102433.
Aslam, J., Saleem, A., Khan, N. T., & Kim, Y. B. (2021). Factors influencing blockchain adoption in supply chain management practices: A study based on the oil industry. Journal of Innovation & Knowledge, 6, 124–34.
Baezner, M., & Robin, P. (2017). Stuxnet. Technical Report ETH Zurich.
Banerjea, A. (2018). NotPetya: How a Russian malware created the world’s worst cyberattack ever. https://www.business-standard.com/article/technology/notpetyahow-a-russian-malware-created-the-world-s-worst-cyberattack-ever118082700261_1.html.
Booz-Allen, & Hamilton (2004). Engineering principles for information technology security (a baseline for achieving security), revision a. NIST Special Publication.
Bottoni, P., Gessa, N., Massa, G., Pareschi, R., Selim, H., & Arcuri, E. (2020). Intelligent smart contracts for innovative supply chain management. Frontiers in Blockchain, 3.
Boyson, S. (2014). Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems. Technovation, 34, 342–53.
Brock, D. L. (2001). The electronic product code (EPC)-a naming scheme for physical objects. White paper, .
Buckley, G. J., & Gostin, L. O. (2013). Countering the problem of falsified and substandard drugs. Consensus Study Report - Institute of Medicine.
Budhwar, P., Chowdhury, S., Wood, G., Aguinis, H., Bamber, G. J., Beltran, J. R., Boselie, P., Lee Cooke, F., Decker, S., DeNisi, A., Dey, P. K., Guest, D., Knoblich, A. J., Malik, A., Paauwe, J., Papagiannidis, S., Patel, C., Pereira, V., Ren, S., Rogelberg, S., Saunders, M. N. K., Tung, R. L., & Varma, A. (2023). Human resource management in the age of generative artificial intelligence: Perspectives and research directions on ChatGPT. Human Resource Management Journal, 33, 606–59.
Carmody, S., Coravos, A., Fahs, G., Hatch, A., Medina, J., Woods, B., & Corman, J. (2021). Building resilient medical technology supply chains with a software bill of materials. NPJ Digital Medicine, 4, 1–6.
Cheung, K.-F., Bell, M. G., & Bhattacharjya, J. (2021). Cybersecurity in logistics and supply chain management: An overview and future research directions. Transportation Research Part E: Logistics and Transportation Review, 146, 102217.
Chmielewski, J., Daher, M., & Ghazal, O. (2021). Enabling holistic decisionmaking to create a more intelligent network - The future of movement of goods. https://www2.deloitte.com/us/en/insights/focus/transportation/intelligentsupply-chain-movement-of-goods.html.
Chowdhury, M., Rifat, N., Latif, S., Ahsan, M., Rahman, M. S., & Gomes, R. (2023). ChatGPT: The curious case of attack vectors’ supply chain management improvement. IEEE International Conference on Electro Information Technology,.
Christopher, M. L. (1992). Supply chain. Logistics and Supply Chain Management.
Cimpanu, C. (2020a). Cloud provider stopped ransomware attack but had to pay ransom demand anyway. https://www.zdnet.com/article/cloud-provider-stoppedransomware-attack-but-had-to-pay-ransom-demand-anyway/.
Cimpanu, C. (2020b). FBI warns about ongoing attacks against software supply chain companies. https://www.zdnet.com/article/fbi-warns-about-ongoing-attacksagainst-software-supply-chain-companies/.
Coates, R. (2019). Counterfeits are still a major problem. https://www.scmr.com/article/ counterfeits_are_still_a_major_problem.
Constantin, L. (2020). SolarWinds attack explained: And why it was so hard to detect. https://www.csoonline.com/article/3601508/solarwinds-supply-chainattack-explained-why-organizations-were-not-prepared.html.
Cooper, M. C., & Ellram, L. M. (1993). Characteristics of supply chain management and the implication for purchasing and logistics strategy. The International Journal of Logistics Management, 4, 13–24.
Cortese, P. F., Gemmiti, F., Palazzi, B., Pizzonia, M., & Rimondini, M. (2010). Efficient and practical authentication of PUF-based RFID tags in supply chains. In IEEE International Conference on RFID-Technology and Applications (pp. 182–8).
Cruz, L., & Ignacio, P. S. D. A. (2023). Application of blockchain disruptive technology in agri-food chains for sustainable development, a systematic review. International Journal of Supply and Operations Management, 10.
Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., & Khandelwal, V. (2008). Design and implementation of PUF-based ”unclonable” RFID ICs for anti-counterfeiting and security applications. In IEEE International Conference on RFID (pp. 58–64).
Doman, C. (2020). Team TNT – the first cryptomining worm to steal AWS credentials. https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-wormto-steal-aws-credentials/.
Duman, O., Ghafouri, M., Kassouf, M., Atallah, R., Wang, L., & Debbabi, M. (2019). Modeling supply chain attacks in IEC 61850 substations. In IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) (pp. 1–6). IEEE.
Dwivedi, Y. K., Kshetri, N., Hughes, L., Slade, E. L., Jeyaraj, A., Kar, A. K., Baabdullah, A. M., Koohang, A., Raghavan, V., Ahuja, M., Albanna, H., Albashrawi, M. A., AlBusaidi, A. S., Balakrishnan, J., Barlette, Y., Basu, S., Bose, I., Brooks, L., Buhalis, D., Carter, L., Chowdhury, S., Crick, T., Cunningham, S. W., Davies, G. H., Davison,
EL Azzaoui, A., Chen, H., Kim, S. H., Pan, Y., & Park, J. H. (2022). Blockchain-based distributed information hiding framework for data privacy preserving in medical supply chain systems. Sensors, 22, 1371.
El Hathat, Z., Zouadi, T., Sreedharan, V. R., & Sunder M., V. (2023). Strategizing a logistics framework for organizational transformation: A technological perspective. IEEE Transactions on Engineering Management, 1–22.
Epiphaniou, G., Pillai, P., Bottarelli, M., Al-Khateeb, H., Hammoudesh, M., & Maple, C. (2020). Electronic regulation of data sharing and processing using smart ledger technologies for supply-chain security. IEEE Transactions on Engineering Management, 67, 1059–73.
Falcone, A., Felicetti, C., Garro, A., Rullo, A., & Sacca`, D. (2021). PUF-based smart tags for supply chain management. In The 16th International Conference on Availability, Reliability and Security. Association for Computing Machinery.
Ferdousi, T., Gruenbacher, D., & Scoglio, C. M. (2020). A permissioned distributed ledger for the US beef cattle supply chain. IEEE Access, 8, 154833–4.
Fernando, Y., Tseng, M.-L., Wahyuni-Td, I. S., Jabbour, A. B. L. d. S., Jabbour, C. J. C., & Foropon, C. (2023). Cyber supply chain risk management and performance in industry 4.0 era: information system security practices in malaysia. Journal of Industrial and Production Engineering, 40.
Fiorini, P. d. C., & Jabbour, C. J. C. (2017). Information systems and sustainable supply chain management towards a more sustainable society: Where we are and where we are going. International Journal of Information Management, 37, 241–9.
Fishbein, N. (2021). Rocke group actively targeting the cloud: Wants your
SSH keys. https://www.intezer.com/blog/cloud-security/rocke-group-activelytargeting-the-cloud-wants-your-ssh-keys/.
Garrod, J. (2016). The real world of the decentralized autonomous society. tripleC, 14.
Ghadge, A., Weiß, M., Caldwell, N. D., & Wilding, R. (2019). Managing cyber risk in supply chains: A review and research agenda. Supply Chain Management: An International Journal.
Gokhale, V. (2021). Protecting hospitals from supply-chain counterfeits and other security threats. https://www.securitymagazine.com/blogs/14-security-blog/post/96068protecting-hospitals-from-supply-chain-counterfeits-and-other-securitythreats.
Green, W. (2022). Cyber attack on supplier halts Toyota production. https:
//www.cips.org/supply-management/news/2022/march/cyber-attack-onsupplier-halts-toyota-production/.
Gupta, A., Anpalagan, A., Guan, L., & Khwaja, A. S. (2021). Deep learning for object detection and scene perception in self-driving cars: Survey, challenges, and open issues. Array, 10, 100057.
Haddad, A., Habaebi, M. H., Islam, M. R., Hasbullah, N. F., & Zabidi, S. A. (2022). Systematic review on ai-blockchain based e-healthcare records management systems. IEEE Access, 10, 94583–615.
Hammi, B., & Zeadally, S. (2023). Software supply-chain security: Issues and countermeasures. IEEE Computer, 56.
Hammi, B., Zeadally, S., & Nebhen, J. (2023). Security threats, countermeasures, and challenges of digital supply chains. ACM Computing Surveys, 55.
Hashim, A. (2021). Swiss cloud hosting provider suffered ransomware attack. https://latesthackingnews.com/2021/05/06/swiss-cloud-hosting-providersuffered-ransomware-attack/.
Hassija, V., Chamola, V., Gupta, V., Jain, S., & Guizani, N. (2020). A survey on supply chain security: Application areas, security threats, and solution architectures. IEEE Internet of Things Journal, 8, 6222–46.
Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P., & Sikdar, B. (2019). A survey on IoT security: Application areas, security threats, and solution architectures. IEEE Access, 7, 82721–43.
Herr, T., Lee, J., Loomis, W., & Scott, S. (2020). Deep impact: States and software supply chain attacks. https://www.atlanticcouncil.org/commentary/feature/deepimpact-states-and-software-supply-chain-attacks/.
Holloway, M. (2015). Stuxnet worm attack on Iranian nuclear facilities. http://large. stanford.edu/courses/2015/ph241/holloway1/.
Hou, Y., Such, J., & Rashid, A. (2019). Understanding security requirements for industrial control system supply chains. In IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS) (pp. 50–3). IEEE.
Hristea, C., & T¸iplea, F. L. (2019). A PUF-based destructive private mutual authentication RFID protocol. In Innovative Security Solutions for Information Technology and Communications (pp. 331–43). Springer International Publishing.
Huang, H.-H., Yeh, L.-Y., & Tsaur, W.-J. (2017). PUF-based protocols about mutual authentication and ownership transfer for RFID Gen2 v2 systems. In Transactions on Engineering Technologies (pp. 49–59). Springer.
Hwang, Y., Moon, J., & Yoo, S. (2015). Developing a RFID-based food traceability system in Korea Ginseng industry: Focused on the business process reengineering. International Journal of Control and Automation, 8, 397–406.
Islam, M. N., & Kundu, S. (2019). Enabling IC traceability via blockchain pegged to embedded PUF. ACM Transactions on Design Automation of Electronic Systems, 24.
Kaiser, D., & Vincent, S. (2019). Analysis and detection of golden SAML attacks. Report, .
Kelion, L. (2020). Huawei 5G kit must be removed from UK by 2027. https://www.bbc. com/news/technology-53403793.
Khursheed, A., Kumar, M., & Sharma, M. (2016). Security against cyber-attacks in food industry. International Journal of Control Theory and Applications, 9, 8623–8.
Kim, K., Kim, J. S., Jeong, S., Park, J.-H., & Kim, H. K. (2021). Cybersecurity for autonomous vehicles: Review of attacks and defense. Computers & Security, 103, 102150.
Kim, S., Heo, G., Zio, E., Shin, J., & Song, J.-g. (2020). Cyber attack taxonomy for digital environment in nuclear power plants. Nuclear Engineering and Technology, 52, 995–1001.
Koeberl, P., Li, J., Maes, R., Rajan, A., Vishik, C., Wo´jcik, M., & Wu, W. (2012). A practical device authentication scheme using SRAM PUFs. Journal of Cryptographic Engineering, 2, 255–69.
Kosba, A., Miller, A., Shi, E., Wen, Z., & Papamanthou, C. (2016). Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In IEEE Symposium on Security and Privacy (SP) (pp. 839–58).
La Londe, B. J., & Masters, J. M. (1994). Emerging logistics strategies: Blueprints for the next century. International Journal of Physical Distribution and Logistics Management, 24, 35–47.
Lennane, A. (2020). Toll group resists ransom demands from hackers after cyber attack. https://theloadstar.com/toll-group-resists-ransom-demands-fromhackers-after-cyber-attack/.
Lin, Q., Wang, H., Pei, X., & Wang, J. (2019). Food safety traceability system based on Blockchain and EPCIS. IEEE Access, 7.
Logility (2023). Ai-first demand planning how human-machine collaboration cuts costs, error, and implementation time.
Mahraz, M.-I., Benabbou, L., & Berrado, A. (2022). Machine learning in supply chain management: A systematic literature review. International Journal of Supply and Operations Management, 9.
Mainetti, L., Patrono, L., Stefanizzi, M. L., & Vergallo, R. (2013). An innovative and lowcost gapless traceability system of fresh vegetable products using RF technologies and EPC global standard. Computers and electronics in agriculture, 98, 146–57.
Marle, G. v. (2020). Toll refuses to pay cyber ransom as it acts to get its systems back online. https://theloadstar.com/toll-refuses-to-pay-cyber-ransom-as-it-actsto-get-its-systems-back-online/.
Mentzer, J. T., DeWitt, W., Keebler, J. S., Min, S., Nix, N. W., Smith, C. D., & Zacharia, Z. G. (2001). Defining supply chain management. Journal of Business Logistics, 22, 1–25.
Min, H. (2019). Blockchain technology for enhancing supply chain resilience. International Journal of Information Management, 62, 35–45.
Monczka, R., Trent, R., & Handfield, R. (1998). Purchasing and Supply Chain Management volume 8. South-Western College Publishing.
Mor, R., Singh, S., Bhardwaj, A., & Singh, L. (2015). Technological implications of supply chain practices in agri-food sector: A review. International Journal of Supply and Operations Management, 2.
Morgan, T. R., Gabler, C. B., & Manhart, P. S. (2023). Supply chain transparency: theoretical perspectives for future research. The International Journal of Logistics Management, 34, 1422–45.
Musamih, A., Salah, K., Jayaraman, R., Arshad, J., Debe, M., Al-Hammadi, Y., & Ellahham, S. (2021). A blockchain-based approach for drug traceability in healthcare supply chain. IEEE Access, 9, 9728–43.
Network, T. L. (2020). How Walmart used blockchain to increase supply chain transparency. https://theleadershipnetwork.com/article/how-walmartused-blockchain-to-increase-supply-chain-transparency.
Nicholson, P. (2022). Five most famous DDoS attacks and then some. https://www. a10networks.com/blog/5-most-famous-ddos-attacks/.
Nofer, M., Gomber, P., Hinz, O., & Schiereck, D. (2017). Blockchain. Business and Information Systems Engineering, 59, 183–187.
Park, A., & Li, H. (2021). The effect of blockchain technology on supply chain sustainability performances. Sustainability, 13.
Peepliwal, A. K., Narula, S., Sharma, R., Bonde, C., & Jain, K. (2022). Theoretical blockchain architecture model (t-bam) to control covid-19 related counterfeit medical products across supply chain. International Journal of Supply and Operations Management, 9.
Piper, E. (2017). Cyber attack hits 200,000 in at least 150 countries: Europol. Reuters.
Polatidis, N., Pavlidis, M., & Mouratidis, H. (2018). Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards & Interfaces, 56, 74–82.
Pratap, M. (2018). How is blockchain disrupting the supply chain industry? https://medium.com/hackernoon/how-is-blockchain-disrupting-thesupply-chain-industry-f3a1c599daef.
Puthal, D., Malik, N., Mohanty, S., Kougianos, E., & Yang, C. (2018). The blockchain as a decentralized security framework. IEEE Consumer Electronics Magazine, 7, 18–21.
Quist, N. (2021). TeamTNT actively enumerating cloud environments to infiltrate organisations. https://unit42.paloaltonetworks.com/teamtnt-operations-cloudenvironments/.
Ranathunga, D., Roughan, M., Nguyen, H., Kernick, P., & Falkner, N. (2016). Case studies of scada firewall configurations and the implications for best practices. IEEE Transactions on Network and Service Management, 13, 871–84.
Richey Jr., R. G., Chowdhury, S., Davis-Sramek, B., Giannakis, M., & Dwivedi, Y. K. (2023). Artificial intelligence in logistics and supply chain management: A primer and roadmap for research. Journal of Business Logistics, 44, 532–49.
Robinson, R., & Fishbein, N. (2021). New attacks on Kubernetes via misconfigured Argo
Workflows. https://www.intezer.com/blog/container-security/new-attacks-onkubernetes-via-misconfigured-argo-workflows/.
Ruan, P., Dinh, T. T. A., Loghin, D., Zhang, M., & Chen, G. (2022). Blockchains: Decentralized and Verifiable Data Systems. Springer.
Sabry, S. S., Kaittan, N. M., & Majeed, I. (2019). The road to the blockchain technology: Concept and types. Periodicals of Engineering and Natural Sciences, 7, 1821–32.
Savelyev, A. (2017). Contract law 2.0: ‘smart’ contracts as the beginning of the end of classic contract law. Information & Communications Technology Law, 26, 116–34.
Scholliers, J., Permala, A., Toivonen, S., & Salmela, H. (2016). Improving the security of containers in port related supply chains. Transportation research procedia, 14, 1374–83.
Scroxton, A. (2020). Cloud Snooper firewall bypass may be work of nation state. https://www.computerweekly.com/news/252479189/Cloud-Snooperfirewall-bypass-may-be-work-of-nation-state.
Shahrubudin, N., Lee, T. C., & Ramlan, R. (2019). An overview on 3D printing technology: Technological, materials, and applications. Procedia Manufacturing, 35, 1286–96.
Shamsoshoara, A., Korenda, A., Afghah, F., & Zeadally, S. (2020). A survey on physical unclonable function (PUF)-based security solutions for internet of things. Computer Networks, 183, 107593.
Shepard, W. (2018). Meet the man fighting America’s trade war against Chinese counterfeits
(it’s not Trump). https://www.forbes.com/sites/wadeshepard/2018/03/29/meetthe-man-fighting-americas-trade-war-against-chinese-counterfeits.
Sillaber, C., & Waltl, B. (2017). Life cycle of smart contracts in blockchain ecosystems.
Datenschutz und Datensicherheit, 41, 497–500.
Snowdon, A. W., Saunders, M., & Wright, A. (2021). Key characteristics of a fragile healthcare supply chain: Learning from a pandemic. Healthcare quarterly (Toronto, Ont.), 24, 36–43.
Staake, T., Thiesse, F., & Fleisch, E. (2005). Extending the EPC network: the potential of RFID in anti-counterfeiting. In Proceedings of the 2005 ACM symposium on Applied computing (pp. 1607–12).
Suh, G. E., & Devadas, S. (2007). Physical unclonable functions for device authentication and secret key generation. In 2007 44th ACM/IEEE Design Automation Conference (pp. 9–14).
Szabo, N. (1997). Formalizing and securing relationships on public networks. First Monday, 2.
Tian, F. (2016). An agri-food supply chain traceability system for china based on RFID & blockchain technology. International Conference on Service Systems and Service Management (ICSSSM), .
Toyoda, K., Mathiopoulos, P. T., Sasase, I., & Ohtsuki, T. (2017). A novel blockchain-based product ownership management system (POMS) for anti-counterfeits in the post supply chain. IEEE Access, 5, 17465–77.
Treiblmaier, H., & Garaus, M. (2023). Using blockchain to signal quality in the food supply chain: The impact on consumer purchase intentions and the moderating effect of brand familiarity. International Journal of Information Management, 68.
Urciuoli, L., Ma¨nnisto¨, T., Hintsa, J., & Khan, T. (2013). Supply chain cyber security– potential threats. Information & Security: An International Journal, 29.
Verma, G. K., Singh, B., Kumar, N., & Chamola, V. (2019). CB-CAS: Certificate-based efficient signature scheme with compact aggregation for industrial Internet of Things environment. IEEE Internet of Things Journal, 7, 2563–72.
Wang, L., Xu, L., Zheng, Z., Liu, S., Li, X., Cao, L., Li, J., & Sun, C. (2021). Smart contract-based agricultural food supply chain traceability. IEEE Access, 9, 9296–307.
Weingartner, T., Batista, D., Kochli, S., & Voutat, G. (2021). Prototyping a smart contract based public procurement to fight corruption. Computers, 10.
Wong, L.-W., Lee, V.-H., Tan, G. W.-H., Ooi, K.-B., & Sohal, A. (2022). The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. International Journal of Information Management, 66.
Wright, A., & De Filippi, P. (2015). Decentralized blockchain technology and the rise of lex cryptographia. SSRN, .
Xiujuan Wang, M. K. (2018). Blockchain based provenance for agricultural products: A distributed platform with duplicated and shared bookkeeping. In IEEE Intelligent Vehicles Symposium. IEEE.
Yu, M.-D., Hiller, M., Delvaux, J., Sowell, R., Devadas, S., & Verbauwhede, I. (2016). A lockdown technique to prevent machine learning on PUFs for lightweight authentication.
IEEE Transactions on Multi-Scale Computing Systems, 2, 146–59.
)