Enhancing Digital Supply Chain Security Through Critical Infrastructure Protection Blueprints: A Review on Challenges, Reference Architectures and Software Bills of Material

Critical Infrastructure Protection (CIP)Critical Infrastructure Protection (CIP) against cascading effects of cyber and physical threats involves several solutions (i.e., software) from CIP domains such as Risk Assessment and Management, Infrastructure InterdependenciesInterdependencies, Resilience Engineering, Data Analytics and Predictive Modelling, and Technological Innovations, e.g., Digital Twin. However, these solutions are often bespoke, limiting reuse, and are scattered across repositories and deliverables. Commercial solutions can be costly and come with licensing constraints and data restrictions. Furthermore, CIP software assets are subjected to supply chainSupply chain attacks. This chapter reviews the blueprint concept for reusing CIP assets and introduces zero trust architectures. This chapter also proposes a community-based approach to facilitate the description, adoption, and reuse of integrated CIP software by researchers and Critical Infrastructure (CI) operators. This approach is based on (i) the definition of reference architecturesReference architecture for CIP software; (ii) the provision of re-usable concrete implementations of these architectures; and (iii) the description of these implementations using TOSCATopology and Orchestration Specification for Cloud Applications (TOSCA) for their deployment and orchestration, considering security and quality of service policies. Overall, this chapter lays the groundwork for a blueprint repository including software, datasets, documentation, and TOSCA service templates, to support broader adoption and reuse of CIP tools.