Segurança na cadeia de suprimentos internacional : protocolo de gestão de risco para o transporte marítimo de cargas less than container load

Bonatto, Heitor

January 2016

A gestão das ameaças e dos riscos nas empresas tem se dedicado a estudar estes problemas, pelo viés de mercado, com o intuito de torná-las mais preparadas para enfrentar estes desafios. Nesse sentido, uma série de instrumentos de análise diagnosticaram que as ameaças e os riscos fazem parte da natureza das relações empresariais. Dentre as inúmeras relações que uma empresa estabelece para atingir os seus objetivos, destacam-se as que estão inseridas em um sistema denominado “cadeia de suprimentos” que, em decorrência do processo de globalização tornou-se internacionalizada. As empresas, ao prolongarem suas cadeias de suprimentos “além fronteiras”, estão submetidas, às influências do ambiente econômico, geopolítico, social e histórico. Nesses ambientes, o ano de 2001 originou uma série de estudos de gestão de risco que identificaram, nas ameaças externas ou exógenas, isto é, as que estão fora do viés de mercado, a possibilidade de tornar a cadeia de suprimentos internacional insegura. Tais ameaças se configuram em ações da natureza e ações praticadas pelo ser humano, por meio de atos criminosos, como, o terrorismo, o tráfico, o contrabando e a pirataria marítima Além das empresas, os países criaram regimes internacionais que buscaram proteger as cadeias de suprimentos, principalmente, em seu sistema de transporte, destacando-se o modo chamado “marítimo”, em razão da sua intensa utilização para transportar cargas. O presente estudo tem como objetivo propor um protocolo de gestão de risco para o transporte marítimo de cargas “less than container load”, para tornar a cadeia de suprimentos internacional mais segura. A metodologia utilizada nesta pesquisa, foi descritiva e documental, já que descreveu o processo de operacionalização e baseou-se na análise dos documentos, utilizados na gestão do transporte marítimo “less than container load”. Conclui-se, assim, que o operador de transporte multimodal, como responsável por operacionalizar uma forma de transportar cargas, a qual torna a cadeia de suprimentos insegura, tem condições e, principalmente, o dever de juntar-se aos outros atores, em prol do aumento da segurança do sistema. / The management of threats and risks in the company has been dedicated to study these problems by market bias in order to make them better prepared to face these challenges. In this regard a number of analytical tools diagnosed threats and risks as part of the business relations. Among the many relationships that a company established to achieve their goals, we highlight those that are embedded in a system called the supply chain, which as a result of the globalization process has become internationalized. Companies to extend their supply chains "across borders", are subject to the influences of economic, geopolitical, social and historical environment. In these environments, the year 2001 led to a series of risk management studies that have identified the external or exogenous threats, those outside the market bias, the possibility of making the chain of uncertain international supplies. Such threats are configured shares of nature and actions taken by humans, by means of criminal acts as terrorism, trafficking, smuggling and maritime piracy In addition to companies, countries have created international regimes that sought to protect supply chains, especially in its transport system, highlighting the called maritime, because of their heavy use to transport cargo. The thesis aims to propose a risk management protocol for the shipping cargo "less than container load" to make the international supply chain more secure. The methodology used was based on descriptive type and documentary because described the operational process and analized documents used in the management of shipping “less than container load”, In conclusion, the multimodal transport operator who is responsible for operating a means of transporting cargo , which makes the supply chain insecure supplies, has conditions , and especially the obligation to join the other actors , in favor of the increase system security.

Logística

Transporte marítimo

Política marítima

Logistic

International supply chain security

World maritime industry

Maritime transport

Risk management

Transnational threats

Adaptive Beyond Von-Neumann Computing Devices and Reconfigurable Architectures for Edge Computing Applications

Hossain, Mousam

01 January 2024

The Von-Neumann bottleneck, a major challenge in computer architecture, results from significant data transfer delays between the processor and main memory. Crossbar arrays utilizing spin-based devices like Magnetoresistive Random Access Memory (MRAM) aim to overcome this bottleneck by offering advantages in area and performance, particularly for tasks requiring linear transformations. These arrays enable single-cycle and in-memory vector-matrix multiplication, reducing overheads, which is crucial for energy and area-constrained Internet of Things (IoT) sensors and embedded devices. This dissertation focuses on designing, implementing, and evaluating reconfigurable computation platforms that leverage MRAM-based crossbar arrays and analog computation to support deep learning and error resilience implementations. One key contribution is the investigation of Spin Torque Transfer MRAM (STT-MRAM) technology scaling trends, considering power dissipation, area, and process variation (PV) across different technology nodes. A predictive model for power estimation in hybrid CMOS/MTJ technology has been developed and validated, along with new metrics considering the Internet of Things (IoT) energy profile of various applications. The dissertation introduces the Spintronically Configurable Analog Processing in-memory Environment (SCAPE), integrating analog arithmetic, runtime reconfigurability, and non-volatile devices within a selectable 2-D topology of hybrid spin/CMOS devices. Simulation results show improvements in error rates, power consumption, and power-error-product metric for real-world applications like machine learning and compressive sensing, while assessing process variation impact. Additionally, it explores transportable approaches to more robust SCAPE implementations, including applying redundancy techniques for artificial neural network (ANN)-based digit recognition applications. Generic redundancy techniques are developed and applied to hybrid spin/CMOS-based ANNs, showcasing improved/comparable accuracy with smaller-sized networks. Furthermore, the dissertation examines hardware security considerations for emerging memristive device-based applications, discussing mitigation approaches against malicious manufacturing interventions. It also discusses reconfigurable computing for AI/ML applications based on state-of-the-art FPGAs, along with future directions in adaptive computing architectures for AI/ML at the edge of the network.

Computer and Systems Architecture

Computer Engineering

<strong>Countermeasures for Preventing Malicious Infiltration on the Information Technology Supply Chain</strong>

Leah Michelle Roberts (15952769)

31 May 2023

<p>  </p> <p>Supply chain security continues to be an overlooked field with consequences that can disrupt industrial complexes, cause irreparable harm to critical infrastructure services, and bring unparalleled devastation to human lives. These risks, once constrained to physical tactics, have advanced to undetectable cyber strategies as in the case of the infamous third-party attacks on Target and SolarWinds (Wright, 2021). Moreover, no one sector appears to be immune, as a study by the Government Accountability Office (GAO) found that federal agencies also lag in complying with their own standards as published by the National Institute of Standards and Technology (NIST) (Eyadema, 2021).  Throughout this research study, malicious infiltrations propagated by nefarious actors were explored to identify countermeasures and best practices that can be deployed to protect organizations. Often, the lack of defense strategies is not from an absence of information, but from overly complex procedures and a lack of concise requirements. In a recent survey of Department of Defense (DoD) suppliers, 46% of respondents claimed that the supply chain requirements were too difficult to understand, thus reaffirming the importance of creating tools and techniques that are pragmatic and easily implementable (Boyd, 2020).</p> <p><br></p> <p>The research study presented offered notable safeguards through a literature review of prior studies, standards, and a document analysis of three prominent Information Technology (IT) companies who have made considerable advances in the field of IT supply chain. The results of the research led to the creation of the <em>Roberts Categorization Pyramid </em>which follows a zero-trust framework of “never trust, always verify” (Pavana & Prasad, 2022, p. 2). The pyramid is then further broken down into a formidable six-layer support structure consisting of governance, physical security, sourcing security, manufacturing, hardware security, and software security best practices. Finally, the importance of persistent vigilance throughout the life cycle of IT is highlighted through a continuous monitoring defense strategy layer that engulfs the entirety of the pyramid.  Through this compilation of pragmatic countermeasures, supply chain practitioners can become more informed, leading to more mindful decisions and protective requirements in future solicitations and supplier flow-downs. </p>

Supply chains

supply chain security

cyber supply chain

IT supply chain countermeasures

IT infiltration

zero trust

embedded hardware devices

malicious code

cyber

Cyber Supply Chain Security and the Swedish Security Protected Procurement with Security Protective Agreement

Dios Falk, Carina

January 2023

Digitalisation and globalisation are increasing the number of integrated and interconnected information technology (IT) systems worldwide. Consequently, these relationships and dependencies develop technological relationships through their services. Identifying all these relations is for organisations a challenge and complex since it involves millions of source code lines and global connections. For this reason, cyber supply chain risk management (C-SCRM) is becoming ever more critical for organisations to manage risks associated with information technology and operational technology (OT). At the same time, during a press conference, the Swedish Minister for Defense Peter Hultquist estimated that there are approx. 100.000 cyber activities against Swedish targets every year that targets both the Private and Public sector. In response to the evolving threat landscape, Sweden is experiencing a paradigm shift in protective security processes with new legislation entering into force that aims to protect Sweden's security against espionage, sabotage, terrorist offences and other crimes against national security. These rules on protective security, the Protective Security Act (2018:585) and Protective Security Ordinance (2021:955) apply to operators that are important for Sweden's national security and affect how public procurement processes are regulated. This thesis aims to study how the Swedish Security Protected Procurement with Security Protective Agreements (SUA) process and Cyber Supply Chain Risk Management (C-SCRM) relate and to understand what practices increase and decrease the level of C-SCRM in the current SUA process. The research questions are Q1) How does the SUA process relate to C-SCRM? and Q2) How does the SUA process affect the level of C-SCRM? This research paper contributes to understanding C-SCRM in the context of the Swedish Security Protected Procurement with Security Protective Agreements (SUA). To answer the research questions a Case study strategy was used, and interviews were conducted with eight key experts as well as a document analysis. The results showed that audit, regulation and people and processes are essential to managing C-SCRM and that processes within other international models, including the CMMC and Cyber Essential Plus, should be adopted to the SUA process to better manage cyber supply chain risks.

Cyber Security

Protective Security

Public Procurement

Cyber Supply Chain Security

Swedish National Security

Risk Management

Cyber Security Risk Management

NIST 800-161

ISO/IEC 27036

NISTIR 8276

Computer Sciences

Datavetenskap (datalogi)

Towards Understanding and Securing the OSS Supply Chain

Vu Duc, Ly

14 March 2022

Free and Open-Source Software (FOSS) has become an integral part of the software supply chain in the past decade. Various entities (automated tools and humans) are involved at different stages of the software supply chain. Some actions that occur in the chain may result in vulnerabilities or malicious code injected in a published artifact distributed in a package repository. At the end of the software supply chain, developers or end-users may consume the resulting artifacts altered in transit, including benign and malicious injection. This dissertation starts from the first link in the software supply chain, ‘developers’. Since many developers do not update their vulnerable software libraries, thus exposing the user of their code to security risks. To understand how they choose, manage and update the libraries, packages, and other Open-Source Software (OSS) that become the building blocks of companies’ completed products consumed by end-users, twenty-five semi-structured interviews were conducted with developers of both large and small-medium enterprises in nine countries. All interviews were transcribed, coded, and analyzed according to applied thematic analysis. Although there are many observations about developers’ attitudes on selecting dependencies for their projects, additional quantitative work is needed to validate whether behavior matches or whether there is a gap. Therefore, we provide an extensive empirical analysis of twelve quality and popularity factors that should explain the corresponding popularity (adoption) of PyPI packages was conducted using our tool called py2src. At the end of the software supply chain, software libraries (or packages) are usually downloaded directly from the package registries via package dependency management systems under the comfortable assumption that no discrepancies are introduced in the last mile between the source code and their respective packages. However, such discrepancies might be introduced by manual or automated build tools (e.g., metadata, Python bytecode files) or for evil purposes (malicious code injects). To identify differences between the published Python packages in PyPI and the source code stored on Github, we developed a new approach called LastPyMile . Our approach has been shown to be promising to integrate within the current package dependency management systems or company workflow for vetting packages at a minimal cost. With the ever-increasing numbers of software bugs and security vulnerabilities, the burden of secure software supply chain management on developers and project owners increases. Although automated program repair approaches promise to reduce the burden of bug-fixing tasks by suggesting likely correct patches for software bugs, little is known about the practical aspects of using APR tools, such as how long one should wait for a tool to generate a bug fix. To provide a realistic evaluation of five state-of-the-art APR tools, 221 bugs from 44 open-source Java projects were run within a reasonable developers’ time and effort.

The development of a criminological intervention model for the Rosslyn industrial environment in Tshwane, Gauteng, South Africa

Pretorius, William Lyon

02 1900

The problem investigated in this research is the ongoing crime threat and the extreme risks which impact negatively on the sustainability of the Rosslyn Industry - the industrial hub of Tshwane in the Gauteng Provence of South Africa. Businesses in Rosslyn are desperate for a solution that will mitigate these crime threats and risks, and ensure the future sustainability of this important industrial community. An intervention model is urgently required to prevent this type of crime, not only as a short term solution but as a sustainable long term intervention. This research study initiated the collaboration required for the successful implementation of a Crime Prevention Intervention Model (CPIM) in the Rosslyn industrial environment. The intended crime prevention model has been designed in such a way that it addresses the entire environment of crime that prevails in the Rosslyn area involving both the offender and the victim. This design is rooted in the ontology of Environmental Criminology and more specific on the applied epistemology of Crime Prevention Through Environmental Design (CPTED). Participants in this project are representatives who are responsible for all security functions in both big businesses and small enterprises. And with their dedicated assistance the research findings disclosed the current crime status of the Rosslyn environment regarding the threat, risk, security vulnerabilities, controls and needs: • Crime and its causal factors, in Rosslyn, are rife and no noteworthy action has been implemented to mitigate these threats. • Collaboration between Rosslyn role players (neighbours, local government and law enforcement) is for all purposes non-existent. • And to complicate matters even more, knowledge of how to effectively mitigate crime is limited and handicapped by the re-active physical security methods currently being used. • The implication of these findings is that the status quo will eventually render business in Rosslyn unsustainable. Thus a CPIM in Rosslyn is inevitable. What was crucial to this research and to the CTPED design is the detailed sourcing of accurate data addressing the experiences and the needs the respondents identified in the current Rosslyn crime situation concerning; status, the threat, risk, security, vulnerabilities and controls. In order to achieve this level of data sourcing and assimilation, the essential features of the research method were based on a mixed approach where quantitative and qualitative methods were implemented in parallel. The diverse fields, sources and respondent mix required for a Rosslyn Industry CPIM also necessitated a MIT (Multi,-Inter,-Trans,-Disciplinary) approach. This MIT requirement is successfully facilitated through the applied criminological CPTED approach. The CPIM is based on the combined outcomes of the following three research fields: • Field-one: Environmental criminology theories are researched through an in-depth literature review to demonstrate the criminological grounding of crime prevention and to guide its application through the development of an applied CPTED SUITE. • Field-two: Supply Chain Security (SCS) are researched through an in-depth literature review to establish its criminological relevance and applications. SCS requirements are identified and built into the Field-Three research process and tested for relevance and for incorporation in the CPTED SUITE. • Field-three: Based on a mixed research process, using a custom designed Criminological Risk Analyses tool incorporating scheduled interviews and questionnaires, the crime and needs profile of the Rosslyn Industry are uncovered and analysed. The results are filtered through the CPTED SUITE to indicate the correct criminological approach for mitigating the identified problems and needs. Even though this study takes an applied crime preventative approach, the criminological-philosophical mould of crime prevention is imperative for the effective application of the CPTED. Security and crime prevention training, planning and application, without this approach will remain underdeveloped and outdated. Finally the underlying intention of this research is for this Crime Prevention Intervention Model (CPIM) to be adapted and implemented and to serve as a guide or a benchmark for security practitioners in any industrial environment that has the same crime threats and crime risk challenges. / Criminology and Security Science / D. Litt. et Phil. (Criminology)

CPTED

Crime prevention

Crime prevention intervention model

Environmental criminology

Mix research

Multi-Inter-Trans-Disciplinary

Risk analysis

Rosslyn

Security applications

Supply chain security

364.22096822

Spatial analysis (Statistics)

Rosslyn (Pretoria, South Africa)

The development of a criminological intervention model for the Rosslyn industrial environment in Tshwane, Gauteng, South Africa

Pretorius, William Lyon

02 1900

The problem investigated in this research is the ongoing crime threat and the extreme risks which impact negatively on the sustainability of the Rosslyn Industry - the industrial hub of Tshwane in the Gauteng Provence of South Africa. Businesses in Rosslyn are desperate for a solution that will mitigate these crime threats and risks, and ensure the future sustainability of this important industrial community. An intervention model is urgently required to prevent this type of crime, not only as a short term solution but as a sustainable long term intervention. This research study initiated the collaboration required for the successful implementation of a Crime Prevention Intervention Model (CPIM) in the Rosslyn industrial environment. The intended crime prevention model has been designed in such a way that it addresses the entire environment of crime that prevails in the Rosslyn area involving both the offender and the victim. This design is rooted in the ontology of Environmental Criminology and more specific on the applied epistemology of Crime Prevention Through Environmental Design (CPTED). Participants in this project are representatives who are responsible for all security functions in both big businesses and small enterprises. And with their dedicated assistance the research findings disclosed the current crime status of the Rosslyn environment regarding the threat, risk, security vulnerabilities, controls and needs: • Crime and its causal factors, in Rosslyn, are rife and no noteworthy action has been implemented to mitigate these threats. • Collaboration between Rosslyn role players (neighbours, local government and law enforcement) is for all purposes non-existent. • And to complicate matters even more, knowledge of how to effectively mitigate crime is limited and handicapped by the re-active physical security methods currently being used. • The implication of these findings is that the status quo will eventually render business in Rosslyn unsustainable. Thus a CPIM in Rosslyn is inevitable. What was crucial to this research and to the CTPED design is the detailed sourcing of accurate data addressing the experiences and the needs the respondents identified in the current Rosslyn crime situation concerning; status, the threat, risk, security, vulnerabilities and controls. In order to achieve this level of data sourcing and assimilation, the essential features of the research method were based on a mixed approach where quantitative and qualitative methods were implemented in parallel. The diverse fields, sources and respondent mix required for a Rosslyn Industry CPIM also necessitated a MIT (Multi,-Inter,-Trans,-Disciplinary) approach. This MIT requirement is successfully facilitated through the applied criminological CPTED approach. The CPIM is based on the combined outcomes of the following three research fields: • Field-one: Environmental criminology theories are researched through an in-depth literature review to demonstrate the criminological grounding of crime prevention and to guide its application through the development of an applied CPTED SUITE. • Field-two: Supply Chain Security (SCS) are researched through an in-depth literature review to establish its criminological relevance and applications. SCS requirements are identified and built into the Field-Three research process and tested for relevance and for incorporation in the CPTED SUITE. • Field-three: Based on a mixed research process, using a custom designed Criminological Risk Analyses tool incorporating scheduled interviews and questionnaires, the crime and needs profile of the Rosslyn Industry are uncovered and analysed. The results are filtered through the CPTED SUITE to indicate the correct criminological approach for mitigating the identified problems and needs. Even though this study takes an applied crime preventative approach, the criminological-philosophical mould of crime prevention is imperative for the effective application of the CPTED. Security and crime prevention training, planning and application, without this approach will remain underdeveloped and outdated. Finally the underlying intention of this research is for this Crime Prevention Intervention Model (CPIM) to be adapted and implemented and to serve as a guide or a benchmark for security practitioners in any industrial environment that has the same crime threats and crime risk challenges. / Criminology and Security Science / D. Litt. et Phil. (Criminology)

CPTED

Crime prevention

Crime prevention intervention model

Environmental criminology

Mix research

Multi-Inter-Trans-Disciplinary

Risk analysis

Rosslyn

Security applications

Supply chain security

364.22096822

Spatial analysis (Statistics)

Rosslyn (Pretoria, South Africa)