Cyber Resilience in Practice: enablers, barriers and implementation roadmap for NIS2 adoption
HARB, JOHNNY
2024/2025
Abstract
Supply chain networks face diverse risks that threaten operational continuity and economic stability. Traditional disruptions such as natural disasters, geopolitical conflicts, and supplier failures have long challenged global and European supply chains, but cyber threats have recently emerged as an equally critical concern. High-profile cyberattacks on supply chains, including ransomware strikes, third-party software compromises, and assaults on logistics systems, have surged in frequency and impact, disrupting the production and delivery of essential goods. In response, policymakers in the European Union have introduced robust regulatory frameworks to bolster resilience. Key among these are the General Data Protection Regulation (GDPR) for data protection, the Digital Operational Resilience Act (DORA) for financial services, and the Network and Information Security directives (NIS and the new NIS2) aimed at safeguarding critical infrastructure. The current study examines the full spectrum of supply chain risks with an emphasis on cyber threats, and traces the evolution of EU cybersecurity policy culminating in the NIS2 Directive. By analyzing real-world case studies of breaches and regulatory responses, the urgent need for enhanced cyber resilience in supply chains is highlighted. In addition, a step-by-step guide to implement NIS2 in enterprises with different levels of cyber maturity is required. The thesis also evaluates how NIS2’s expanded scope and stricter requirements address these challenges, explicitly mandating supply chain security measures for a wide range of sectors. Furthermore, the research highlights industry best practices and expert insights for managing cyber risks, and it offers practical recommendations, both technical recommendations and policy actions, to help organizations strengthen their supply chain cybersecurity, their overall cybersecurity, and their future development.
In sum, the findings underscore that while NIS2 provides a much-needed framework to improve resilience, effective implementation and proactive risk management are essential to secure European supply chains against evolving cyber threats. If the EU sees it as an opportunity and builds on it with its other medium- to high-maturity technologies such as AI and ML, it can further improve its cyber-resilience against future attacks.

| File | Size | Format |
|---|---|---|
| Thesis_Harb Johnny.pdf (restricted access) | 952.79 kB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/87210