Accountability and Insurance in IoT Supply Chain
This work addresses supply chain security for IoT systems, which is an incremental contribution focusing on risk analysis and economic mechanisms.
The authors tackled the problem of tracking malicious suppliers in IoT supply chains by developing a system-scientific framework for accountability and risk analysis, resulting in quantitative models and economic solutions like contract design and cyber insurance to incentivize truth-telling.
Supply chain security has become a growing concern in security risk analysis of the Internet of Things (IoT) systems. Their highly connected structures have significantly enlarged the attack surface, making it difficult to track the source of the risk posed by malicious or compromised suppliers. This chapter presents a system-scientific framework to study the accountability in IoT supply chains and provides a holistic risk analysis technologically and socio-economically. We develop stylized models and quantitative approaches to evaluate the accountability of the suppliers. Two case studies are used to illustrate accountability measures for scenarios with single and multiple agents. Finally, we present the contract design and cyber insurance as economic solutions to mitigate supply chain risks. They are incentive-compatible mechanisms that encourage truth-telling of the supplier and facilitate reliable accountability investigation for the buyer.