Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains

IF 9.8 1区工程技术 Q1 ENGINEERING, INDUSTRIAL

International Journal of Production Economics Pub Date : 2024-07-14 DOI:10.1016/j.ijpe.2024.109338

Harpreet Kaur , Mahima Gupta , Surya Prakash Singh

{"title":"Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains","authors":"Harpreet Kaur , Mahima Gupta , Surya Prakash Singh","doi":"10.1016/j.ijpe.2024.109338","DOIUrl":null,"url":null,"abstract":"<div><p>Digitalization has revolutionized the supply chain networks but also introduces vulnerabilities to the cyber threats. Notably, in past two years, the cyber-attacks on different organizations worldwide have increased at an alarming rate resulting in significant financial loss to supply chains, intellectual property breaches and supply disruptions. As a result, companies are making significant investments in their cybersecurity. However, many incidents were reported where threat actors attacked a company using the shared digital systems with its suppliers. Therefore, it is important that suppliers are selected based on their cyber resilience. This paper identifies the cyber resilience criteria and proposed a multi criteria decision making based framework to evaluate the cyber resilience of a supply chain partner. It has been also realized that investment in organizational cybersecurity alone is not sufficient to protect supply chains. Companies are now investing in increasing their supply chain cyber capabilities. In this direction, paper also proposes a mixed integer linear program (MILP) to jointly optimize supplier selection and cyber investment decisions in a supply chain based on the supplier's current cyber resilience and potential return on the cyber investments made in selected suppliers. Computational experiments are conducted to study the tradeoffs and impact of sourcing strategy, supplier capacity, cyber security investment decisions on supply chain cyber resilience. The findings underscore that an integrated decision making of supplier selection and cyber investments maximizes the supply chain cyber resilience.</p></div>","PeriodicalId":14287,"journal":{"name":"International Journal of Production Economics","volume":"275 ","pages":"Article 109338"},"PeriodicalIF":9.8000,"publicationDate":"2024-07-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Production Economics","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0925527324001956","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}

引用次数: 0

Abstract

Digitalization has revolutionized the supply chain networks but also introduces vulnerabilities to the cyber threats. Notably, in past two years, the cyber-attacks on different organizations worldwide have increased at an alarming rate resulting in significant financial loss to supply chains, intellectual property breaches and supply disruptions. As a result, companies are making significant investments in their cybersecurity. However, many incidents were reported where threat actors attacked a company using the shared digital systems with its suppliers. Therefore, it is important that suppliers are selected based on their cyber resilience. This paper identifies the cyber resilience criteria and proposed a multi criteria decision making based framework to evaluate the cyber resilience of a supply chain partner. It has been also realized that investment in organizational cybersecurity alone is not sufficient to protect supply chains. Companies are now investing in increasing their supply chain cyber capabilities. In this direction, paper also proposes a mixed integer linear program (MILP) to jointly optimize supplier selection and cyber investment decisions in a supply chain based on the supplier's current cyber resilience and potential return on the cyber investments made in selected suppliers. Computational experiments are conducted to study the tradeoffs and impact of sourcing strategy, supplier capacity, cyber security investment decisions on supply chain cyber resilience. The findings underscore that an integrated decision making of supplier selection and cyber investments maximizes the supply chain cyber resilience.

查看原文本刊更多论文

优化供应商选择和投资以提高数字供应链网络复原力的综合模型

数字化彻底改变了供应链网络，但也带来了网络威胁的脆弱性。值得注意的是，在过去两年中，全球不同组织受到的网络攻击以惊人的速度增加，导致供应链遭受重大经济损失、知识产权泄露和供应中断。因此，企业纷纷在网络安全方面进行大量投资。然而，据报道，在许多事件中，威胁分子利用公司与其供应商共享的数字系统对公司进行攻击。因此，必须根据供应商的网络复原力来选择供应商。本文确定了网络复原力标准，并提出了一个基于多标准决策的框架，用于评估供应链合作伙伴的网络复原力。人们还认识到，仅投资于组织网络安全不足以保护供应链。目前，企业正在投资提高其供应链网络能力。在这个方向上，本文还提出了一个混合整数线性程序（MILP），根据供应商当前的网络复原力和对选定供应商进行网络投资的潜在回报，联合优化供应链中的供应商选择和网络投资决策。通过计算实验研究了采购策略、供应商能力、网络安全投资决策对供应链网络复原力的权衡和影响。研究结果表明，供应商选择和网络投资的综合决策可最大限度地提高供应链网络复原力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Production Economics 管理科学-工程：工业

CiteScore

21.40

自引率

7.50%

发文量

266

审稿时长

52 days

期刊介绍： The International Journal of Production Economics focuses on the interface between engineering and management. It covers all aspects of manufacturing and process industries, as well as production in general. The journal is interdisciplinary, considering activities throughout the product life cycle and material flow cycle. It aims to disseminate knowledge for improving industrial practice and strengthening the theoretical base for decision making. The journal serves as a forum for exchanging ideas and presenting new developments in theory and application, combining academic standards with practical value for industrial applications.