Cyber security always forms a significant aspect of ICT infrastructure, with threats on supply-chain networks gaining greater attention nowadays. The secure autonomous driving domain presents a unique set of challenges for supply- chain security. Autonomous vehicles rely on a complex ecosystem of hardware and software components, many of which are sourced from third-party suppliers. Ensuring the security and reliability of this supply-chain is essential to maintain the safety and viability of autonomous driving as a technology. To address these challenges, a continuous security assurance approach is necessary. This involves ongoing monitoring, assessment, and improvement of security measures to detect and mitigate potential vulnerabilities in the supply chain. Key measures may include regular vulnerability assessments, penetration testing, and security awareness training for employees and contractors, as well as the implementation of security controls such as secure communication protocols, access controls, and intrusion detection systems. By adopting a continuous security assurance approach for supply chain security in the secure autonomous driving domain, organizations can safeguard their operations and ensure the safety of passengers and other road users. This paper presents a security assurance and certification solution for supply-chain services. Security elements are continuously assessed based on AI operations. The proposal is implemented under the EU funded project FISHY and applied in the supply- chain of secure autonomous driving (SADE) pilot with REMOTIS smart vehicles. Nevertheless, it is a generic solution that can be applied in any domain.

Hatzivasilis, George, Sotiris Ioannidis, Grigoris Kalogiannis, Manolis Chatzimpyrros, George Spanoudakis, Guillermo Jiménez Prieto, Araceli Rojas Morgan, Miguel Juaniz Lopez, Cataldo Basile, and Jose Francisco Ruiz.
Continuous Security Assurance of Modern Supply-Chain Ecosystems with Application in Autonomous Driving: The FISHY approach for the secure autonomous driving domain. In 2023 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 464-469)