Risk-based Cyber Security Chain

NIS2 makes shared responsibility in the supply chain more urgent than ever. In this project, universities of applied sciences and industry partners jointly develop a risk-based cybersecurity supply-chain approach for the...

Centre of Expertise Cyber Security

Cyber security

Organisations no longer operate in isolation, but as part of interconnected supply chains. As a result, security has become chain-dependent: a chain is only as strong as its weakest link. In addition, legislation such as NIS2 and related standards impose shared responsibilities across organisations. This raises a key question: how can organisations within a supply chain arrive at a joint and effective cybersecurity approach?

Objective

To support organisations in meeting these responsibilities, Utrecht University of Applied Sciences, together with Avans University of Applied Sciences, The Hague University of Applied Sciences, and a range of private-sector partners, has initiated a research project on cybersecurity within supply chains. The objective is to collaboratively develop a supply chain security architecture based on the risks present within the chain. Responsibilities, concrete security measures, and a shared chain-wide approach are explicitly incorporated.

Approach

To secure chain products and the associated data flows in a responsible and efficient manner, a supply chain–oriented approach is required. In this project, the consortium investigates and develops a cybersecurity supply chain architecture that, on the one hand, facilitates structured dialogue among chain partners to jointly arrive at a secure approach, and on the other hand provides a framework of risk-based security measures that organisations within the chain can apply.

The outcome is a transparent analysis and coordinated approach to the cyber resilience of the entire supply chain.

Target Group

The target group consists of the ICT and Energy Top Sectors.

Expected (Interim) Results

The consortium will develop:

  • a consultation model for exchanging knowledge and experience between supply chain partners, taking into account differences in expertise and organisational scale;
  • a description of a generally applicable process and deliverables for developing a cybersecurity supply chain architecture;
  • a supply chain architecture for the energy sector, based on this approach.

The Network & Systems Engineering (NSE) research group will focus specifically on the detection of and response to OT malware and its application within the energy sector.

Project Duration

The project runs from 1 April 2025 to 31 March 2028.

Project Team and Contact

  • Gerard Hoekstra
  • Eric ten Bos
  • Arthur Djamardzhashvili

Client

This project is carried out on behalf of CS4NL.

Partners

The partners include The Hague University of Applied Sciences (research groups NSE and CSS), Utrecht University of Applied Sciences, Avans University of Applied Sciences, and a broad range of private-sector organisations, from energy producers to consumers, architects to developers, and multinationals to SMEs, including: Milence, Solventa, Alliander, Sopra Steria, X-Alert Technologies, Verum, Strategy Alliance, Bvolve, and Synergy.

Funding

This project is funded through the TKI Call Critical Chains and Systems – TKI Energy.

Involved Programme

The HBO-ICT programme of the Faculty of IT & Design (IT&D) is involved in this project.