
The zero trust supply chain: Managing supply chain risk in the absence of trust

International Journal of Production Research · 2021
Cited by 131 · Top 9% among papers in the same journal and year
ABS 3

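Summary

This paper proposes the concept of the zero trust supply chain, mapping the zero trust philosophy from cybersecurity onto supply chain management. It discusses how organisations can reduce risk by not trusting any participant, and sets out a research agenda.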

Abstract

The modern supply chain is characterised by an ill-defined and porous perimeter, allowing entry points for potential adversaries to intercept sensitive information and disrupt operations. Such supply chain attacks are increasing in frequency and their impacts can be costly to an organisation. Trust between supply chain partners is commonly thought to be a risk management tool, where increasing trust results in reduced risk. However, increased trust may actually expose the supply chain to more risk, not less. In this paper, we propose the concept of the zero trust supply chain. Originating in the field of information technology and cybersecurity, a zero trust philosophy assumes that all actors and activity are untrusted. In contrast to perimeter-based security, which attempts to keep adversarial actors out, a zero trust-based security posture assumes that adversaries are already inside the system, and therefore imposes strict access and authentication requirements. In this paper, we map zero trust concepts to the supply chain, and discuss the steps an organisation might take to transition to zero trust. We set forth a research agenda by examining zero trust through the lens of several organisational theories and propose a number of research propositions.

Supply chain management · Cybersecurity · Risk management · Organisational theory