Supply Chain Cybersecurity Survey

Thank you for contributing to this European initiative with your feedback. With it we want to understand the four dimensions of the value of the technology we are preparing to boost the supply chain cybersecurity.

You can evaluate these at each tab by using numbers 1 to 5 (min=1-5=max) and you can comment those evaluations if you like. Please start by filling-in your identification. 
Thanks in advance for this helpful contribution. For any question please contact the innovation manager of the FISHY project at joao (dot) pitacosta (at) xlab (dot) si. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952644.
FISHY Key Exploitable Results
Short Introduction to FISHY
Get to know FISHY's Coordinated Framework for Cyber Resilient Supply Chain Systes by watching this short video and visiting
Company/Institution *
What is your  role in supply chain management? *
What is relevent for adoption, in your opinion?
What do you value in a cybersecurity platform protecting your supply chain? 
Benefit 1: Cybersec information readiness with uniform view of security alerts
Benefit 2: Automation of cybersec pipelines
Benefit 3: Non vendor specific and able to integrate with existing solutions
What is more important for you in vulnerability assessment and incident management? *
Benefit 1: Continuous monitoring of infrastructure
Benefit 2: Immediate notification of anomalies
Benefit 3: Automated recommendations for mitigating actions
What should be the focus of intent-based resilience orchestration? *
Benefit 1: Automation: Set, modify or delete security policies at scale using high level intent language
Benefit 2: Monitor of IT infrastructure, IRO notifications/alerts on network condition, recommended actions, and react based on the situation
Benefit 3: Using predefined policies, IRO can react to detected threats automatically or after confirmation from the user, and enforce security rules
What is relevant for you in security assurance and certification management? *
Benefit 1: Audit component, with custom-based rules described using a high level language named Event Calculus logic
Benefit 2: Event collection engine using Elasticsearch stack and connecting with other (external) data pools using AMQP technologies (message brokers)
Benefit 3: The Audit component is integrated in Drools rules management system
What do you prioritize in the security and privacy of your dataspace infrastructure? *
Benefit 1: Access Control (AC) policy and rules definition and enforcement technology
Benefit 2: Identity management, as an essential function in supply chains to ensure the coexistence of different access profiles
Benefit 3: Data sanitization and flow control from low-level on-premise components, according to previously defined security and privacy rules
What is essential in the translation of high-level policies into low-level configurations? *
Benefit 1: Empowered capability model, allowing an administrator to add support for new types of security controls with ease
Benefit 2: Ability to quickly and easily describe what the network functionalities are using close to human language, independent of implementation
Benefit 3: Seamless support of both physical and virtualized security controls, allowing the administrators to configure mixed networks containing both types of devices
How would you qualify the impact of the potential benefits of being able to apply cross-infrastructure mitigation actions? *
Benefit 1: OSM-enabled network function orchestration
Benefit 2: Able to support virtualization environments based on VMs (OpenStack) and containers (Kubernetes)
Benefit 3: Secure multi-domain connectivity relying on IPsec
What is the Value of the Outcomes of FISHY?  *
Will adopt
Will consider
Will not adopt
FISHY End-to-end Platform
Trust & Incident Manager
Intent-based Resilience Orchestration
Security Assurance & Certification Manager
Security & Privacy Dataspace Infrastructure
Enforcement & Dynamic Configuration
Secure Infrastructure Abstraction
FISHY Key Exploitable Results (KERs)
The building blocks of FISHY's supply chain resilience technology are as follows:

Outcome 1 Dashboard & Platform: Easing FISHY platform usability, making the whole system user-friendly and ready to be used for different users according to their expected profile and thus permitted functionalities
Outcome 2 Vulnerability Forecast & Risk Estimation (TIM): Monitoring and gathering metrics from supply chain infrastructure, performing analysis, raising alerts, proposing mitigation actions
Outcome 3 Intent-based Resilience Orchestration (IRO): Automating the interactions between the user defining high level intents and the system applying high level policies
Outcome 4 Security Assurance and Certification Manager (SACM): Auditing and reasoning security metrics tailored to the pilots infrastructure and collecting certifiable evidence from the pilots infrastructure
Outcome 5 Security & Privacy Dataspace Infrastructure (SPI): Organizing data related to infrastructure events and enforcing privacy and Access Control rules, including Identity Management
Outcome 6 Enforcement & Dynamic Configuration (EDC): Translating high-level policies into low-level configurations for a variety of NSFs (security controls)
Outcome 7 Secure Infrastructure Abstraction (SIA): Abstracting the execution of mitigation actions on different types of underlying infrastructure (IoT, IaaS, baremetal, etc)
Any further comments/suggestions?
Clear form
Never submit passwords through Google Forms.
This form was created inside of XLAB research. Report Abuse