Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant Architecture.

The specific demands of supply chains built upon large and complex IoT systems, make it a must to design a coordinated framework for cyber resilience provisioning, intended to guarantee trusted supply chains of ICT systems, built upon distributed, dynamic, potentially insecure, and heterogeneous ICT infrastructures. As such, the solution proposed in this paper is envisioned to deal with the whole supply chain system components, from the IoT ecosystem to the infrastructure connecting them, addressing security and privacy functionalities related to risks and vulnerabilities management, accountability, and mitigation strategies, as well as security metrics and evidence-based security assurance. In this paper, we present FISHY as a preliminary architecture that is designed to orchestrate existing and beyond state-of-the-art security appliances in composed ICT scenarios.