Preventing or Mitigating Adversarial Supply Chain Attacks: A Legal Analysis

Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses Pub Date : 2022-08-06 DOI:10.1145/3560835.3564552

K. Ludvigsen, Shishir Nagaraja, A. Daly

{"title":"Preventing or Mitigating Adversarial Supply Chain Attacks: A Legal Analysis","authors":"K. Ludvigsen, Shishir Nagaraja, A. Daly","doi":"10.1145/3560835.3564552","DOIUrl":null,"url":null,"abstract":"The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks to put the idea of Supply Chain Attacks into perspective, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology specific enough, and cannot force or otherwise mandate the correct parties who could play the biggest role in preventing supply chain attacks to do everything in their power to mitigate them. But, current EU law is on the right path, and further \\textcolorblack development of this may be what is necessary to combat these large threats, as national law may fail at properly regulating companies when it comes to cybersecurity.","PeriodicalId":208151,"journal":{"name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3560835.3564552","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks to put the idea of Supply Chain Attacks into perspective, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology specific enough, and cannot force or otherwise mandate the correct parties who could play the biggest role in preventing supply chain attacks to do everything in their power to mitigate them. But, current EU law is on the right path, and further \textcolorblack development of this may be what is necessary to combat these large threats, as national law may fail at properly regulating companies when it comes to cybersecurity.

查看原文本刊更多论文

预防或减轻对抗性供应链攻击:法律分析

目前，整个世界通过互联网紧密相连，同时也通过提供从食品到基础设施和技术的供应链紧密相连。供应链本身很容易受到数字和物理方面的对抗性攻击，这些攻击可能会破坏或在最坏的情况下摧毁它们。在本文中，我们看了两个这样成功的攻击的例子，把供应链攻击的想法透视，并分析欧盟和国家法律如何防止这些攻击或以其他方式惩罚那些不试图尽一切可能的代价减轻攻击的公司。我们发现，目前的国家监管类型在技术上不够具体，也不能强迫或以其他方式授权能够在防止供应链攻击方面发挥最大作用的正确各方尽其所能减轻攻击。但是，目前的欧盟法律正走在正确的道路上，进一步发展这一点可能是对抗这些巨大威胁所必需的，因为国家法律可能无法在网络安全方面适当地规范公司。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses

自引率

0.00%

发文量