Supply chain environments are evolving with new flourishing technologies that provide improved functionalities and benefits to the whole ecosystem. In this way, the implementation of cloud systems, IoT devices, artificial intelligence and other trending technologies make the supply chain systems much more effective, competent, and productive. However, and at the same time, the use of these new tools and solutions also brings undesirable collateral effects: weaknesses and flaws can make the system more vulnerable than earlier.

Many examples of how vulnerabilities can affect the supply chain can be found on the Internet such as the cyberattack that targeted Maersk and costed millions. This fact, and the increasing need of companies to go digital due to the COVID-19 crisis, makes users feel worried about the trust and assurance of the new solutions incorporated in their systems. Moreover, it is mandatory that all actors in the supply chain systems keep the same levels of security against cyber vulnerabilities; if just one of these actors is targeted by a cyber-attack, the rest of the chain elements would be affected in a domino effect, becoming their effort fully useless.

For the above reasons and because adaptation of new technologies should bring benefits and never negative effects, cybersecurity must shift from being a secondary aspect in the supply chain systems to be naturally integrated and aligned with them, as well with their needs and functionalities. IT providers should offer cybersecurity solutions that can work and integrate smoothly with existing and new technologies, meanwhile ensuring the system performance.

In this context, FISHY raises to offer a cybersecurity framework focused on the supply chain requirements, constraints and functionalities. This solution will address complex ICT systems end-to-end, ranging from cloud/edge infrastructures to IoT devices. Moreover, the main cybersecurity services that FISHY includes are risk and vulnerability management, accountability, mitigation strategies and evidence-based cybersecurity assurance.

The design and development of these services and characteristics will be guided by a joint work with three different supply chain pilots. These three pilots for agriculture, manufacturing and transport sectors will continuously evaluate the approach and results of the FISHY project in order to adapt them to their specific needs as well as to integrate them with their systems in a smooth way.

After six months of hard work, FISHY has already achieved the preliminary technical results with regards to the identification of the supply chain technologies to be adapted as well as the definition of the initial architecture and approach for the FISHY technical solution.

Last but not least, the FISHY consortium plans to deliver an first version of the framework and solutions in short term so that the validation activities with the different pilots can start soon, and if feasible, t is intended to open the FISHY solution to interested stakeholders for testing purposes.

José Francisco Ruiz (ATOS)