Preventing or mitigating adversarial supply chain attacks: A legal analysis

Kaspar Rosager Ludvigsen; Shishir Nagaraja; Angela Daly

doi:10.1145/3560835.3564552

Preventing or mitigating adversarial supply chain attacks: A legal analysis

Kaspar Rosager Ludvigsen, Shishir Nagaraja, Angela Daly

Leverhulme Research Centre for Forensic Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks to put the idea of Supply Chain Attacks into perspective, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology specific enough, and cannot force or otherwise mandate the correct parties who could play the biggest role in preventing supply chain attacks to do everything in their power to mitigate them. But, current EU law is on the right path, and further development of this may be what is necessary to combat these large threats, as national law may fail at properly regulating companies when it comes to cybersecurity.

Original language	English
Title of host publication	SCORED 2022
Subtitle of host publication	Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, co-located with CCS 2022
Place of Publication	New York, NY
Publisher	Association for Computing Machinery
Pages	25-34
Number of pages	10
ISBN (Electronic)	9781450398855
ISBN (Print)	9781450398855
DOIs	https://doi.org/10.1145/3560835.3564552 https://doi.org/10.1145/3560835.3564552
Publication status	Published - 8 Nov 2022
Event	2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2022: Co-located with CCS 2022 - Los Angeles, United States Duration: 11 Nov 2022 → 11 Nov 2022 https://scored.dev/

Conference

Conference	2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2022
Abbreviated title	SCORED 2022
Country/Territory	United States
City	Los Angeles
Period	11/11/22 → 11/11/22
Internet address	https://scored.dev/

Keywords

Cybersecurity
Danish Law
EU Law
Irish Law
Supply Chain Attacks
Supply Chains
UK Law

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Information Systems
Software

Access to Document

4 Citations
1 Preprint

Preventing or Mitigating Adversarial Supply Chain Attacks; a legal analysis
Ludvigsen, K. R., Nagaraja, S. & Daly, A., 6 Aug 2022, Cornell University: arXiv.
Research output: Working paper/Preprint › Preprint

Open Access
File
106 Downloads (Pure)

Cite this

Ludvigsen, K. R., Nagaraja, S., & Daly, A. (2022). Preventing or mitigating adversarial supply chain attacks: A legal analysis. In SCORED 2022: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, co-located with CCS 2022 (pp. 25-34). Association for Computing Machinery. https://doi.org/10.1145/3560835.3564552, https://doi.org/10.1145/3560835.3564552

@inproceedings{df2421dbcbdb4c828af3b0c172b5d74d,

title = "Preventing or mitigating adversarial supply chain attacks: A legal analysis",

abstract = "The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks to put the idea of Supply Chain Attacks into perspective, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology specific enough, and cannot force or otherwise mandate the correct parties who could play the biggest role in preventing supply chain attacks to do everything in their power to mitigate them. But, current EU law is on the right path, and further development of this may be what is necessary to combat these large threats, as national law may fail at properly regulating companies when it comes to cybersecurity.",

keywords = "Cybersecurity, Danish Law, EU Law, Irish Law, Supply Chain Attacks, Supply Chains, UK Law",

author = "Ludvigsen, {Kaspar Rosager} and Shishir Nagaraja and Angela Daly",

note = "Funding Information: The authors are supported by EPSRC funding under the PETRAS ROAST project. Publisher Copyright: {\textcopyright} 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2022 : Co-located with CCS 2022, SCORED 2022 ; Conference date: 11-11-2022 Through 11-11-2022",

year = "2022",

month = nov,

day = "8",

doi = "10.1145/3560835.3564552",

language = "English",

isbn = "9781450398855",

pages = "25--34",

booktitle = "SCORED 2022",

publisher = "Association for Computing Machinery",

url = "https://scored.dev/",

}

Ludvigsen, KR, Nagaraja, S & Daly, A 2022, Preventing or mitigating adversarial supply chain attacks: A legal analysis. in SCORED 2022: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, co-located with CCS 2022. Association for Computing Machinery, New York, NY, pp. 25-34, 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2022, Los Angeles, United States, 11/11/22. https://doi.org/10.1145/3560835.3564552, https://doi.org/10.1145/3560835.3564552

Preventing or mitigating adversarial supply chain attacks: A legal analysis. / Ludvigsen, Kaspar Rosager; Nagaraja, Shishir; Daly, Angela.
SCORED 2022: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, co-located with CCS 2022. New York, NY: Association for Computing Machinery, 2022. p. 25-34.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Preventing or mitigating adversarial supply chain attacks

T2 - 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2022

AU - Ludvigsen, Kaspar Rosager

AU - Nagaraja, Shishir

AU - Daly, Angela

N1 - Funding Information: The authors are supported by EPSRC funding under the PETRAS ROAST project. Publisher Copyright: © 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM.

PY - 2022/11/8

Y1 - 2022/11/8

N2 - The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks to put the idea of Supply Chain Attacks into perspective, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology specific enough, and cannot force or otherwise mandate the correct parties who could play the biggest role in preventing supply chain attacks to do everything in their power to mitigate them. But, current EU law is on the right path, and further development of this may be what is necessary to combat these large threats, as national law may fail at properly regulating companies when it comes to cybersecurity.

AB - The world is currently strongly connected through both the internet at large, but also the very supply chains which provide everything from food to infrastructure and technology. The supply chains are themselves vulnerable to adversarial attacks, both in a digital and physical sense, which can disrupt or at worst destroy them. In this paper, we take a look at two examples of such successful attacks to put the idea of Supply Chain Attacks into perspective, and analyse how EU and national law can prevent these attacks or otherwise punish companies which do not try to mitigate them at all possible costs. We find that the current types of national regulation are not technology specific enough, and cannot force or otherwise mandate the correct parties who could play the biggest role in preventing supply chain attacks to do everything in their power to mitigate them. But, current EU law is on the right path, and further development of this may be what is necessary to combat these large threats, as national law may fail at properly regulating companies when it comes to cybersecurity.

KW - Cybersecurity

KW - Danish Law

KW - EU Law

KW - Irish Law

KW - Supply Chain Attacks

KW - Supply Chains

KW - UK Law

U2 - 10.1145/3560835.3564552

DO - 10.1145/3560835.3564552

M3 - Conference contribution

AN - SCOPUS:85143975669

SN - 9781450398855

SP - 25

EP - 34

BT - SCORED 2022

PB - Association for Computing Machinery

CY - New York, NY

Y2 - 11 November 2022 through 11 November 2022

ER -

Ludvigsen KR, Nagaraja S, Daly A. Preventing or mitigating adversarial supply chain attacks: A legal analysis. In SCORED 2022: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, co-located with CCS 2022. New York, NY: Association for Computing Machinery. 2022. p. 25-34 doi: 10.1145/3560835.3564552, 10.1145/3560835.3564552

Preventing or mitigating adversarial supply chain attacks: A legal analysis

Abstract

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Research output

Preventing or Mitigating Adversarial Supply Chain Attacks; a legal analysis

Cite this