Supply chain cybersecurity
Funding from NSF and NIST powers research into cybersecurity of supply chain at CSU
story by Josh Rhoten
published Nov. 29, 2023
The modern supply chain is built on a complex network that connects transportation, manufacturing and other key systems across the country. However, the aging technology that underpins those key relationships through the internet is an increasingly soft and enticing target for cyberattacks.
Protecting cyber-physical elements in the chain like a truck’s navigation system or a customer’s personal information stored in shipping databases, for example, is becoming increasingly important, said Colorado State University Computer Science Professor Indrakshi Ray.
“At CSU we are training the next generation of researchers on ways to prevent, detect and respond to those kinds of attacks on our infrastructure while also building up resilience to them,” she said. “That is difficult because we are dealing with legacy systems that have a very long lifespan and have worked well, but were designed without modern cybersecurity needs in mind. In this newly interconnected world, attacks by malicious groups can be launched both remotely or physically on key elements of the system, and an attack on one has an impact on all of them.”
“At CSU we are training the next generation of researchers on ways to prevent, detect and respond to those kinds of attacks on our infrastructure while also building up resilience to them.”
— Computer Science Professor Indrakshi Ray
Ray currently serves as a site director for the Center for Cybersecurity Analytics and Automation on campus, which focuses on security for complex cyber-systems. Her team’s work there includes developing algorithms to prevent hacking of heavy vehicles such as tractors and supporting phishing detection to protect both consumers and companies. She said the center is a unique partnership through the National Science Foundation with George Mason University and the University of North Carolina Charlotte through the Industry-University Cooperative Research Centers program.
The program is designed to help startups, established industry and agencies connect directly with university faculty and student researchers to solve shared pre-competitive challenges in a low-risk environment. The aim is to develop new technology, leverage resources and – most importantly – build out the U.S. workforce in critical areas like the supply chain and cybersecurity through graduate student-led research projects.
Ray is also leading similar research at the university through a newly funded partnership with the National Institute of Standards and Technology. That work focuses on “broken access control” – when an unauthorized user is able to gain access to information such as user names or entire systems such as mail servers due to poor initial authentication protections. Ray said the project is directly relevant to supply chain security and advanced manufacturing.
“We are investigating how to develop new access control models that take into account properties of users, properties of devices and the conditions of the environment before giving access,” she said. “Our model will also allow for the access control configuration to change while it is deployed.”