Geographically Dispersed Supply Chains: A Strategy to Manage Cybersecurity in Industrial Networks Integration

Large industries usually imply geographically dispersed supply chains composed of facilities localized in diverse regions. These facilities commonly involve operational technology (OT) (i.e., industrial control systems—ICS) and information technology (IT) infrastructures, which require integration to enable information processing. Such integration, achieved through cyber-physical systems, and leveraged by the Industry 4.0 emergence, may transform the industry and facilitate the transformation of vast data volumes into valuable information. Security risks posed by dispersed cyber-physical systems may be substantial, and dealing with cybersecurity issues in such context could be very expensive. This study reviews directives regarding cybersecurity risks in companies with dispersed supply chains and also applicable international cybersecurity standards and regulations to derive a strategy to manage cybersecurity in integrated industrial networks. The strategy proposes centralized services, optimized perimeter segregation, and data flow policies among OT and IT networks to balance the trade-off between a high level of protection with cost-effectiveness.