The human factor impact on a Supply Chain Tracking Service through a Risk Assessment Methodology

Koutras, D., Kioskli, K., Kotzanikolaou, P.  (2024). The human factor impact on a Supply Chain Tracking Service through a Risk Assessment Methodology. In: Abbas Moallem (eds) Human Factors in Cybersecurity. AHFE (2024) International Conference. AHFE Open Access, vol 127. AHFE International, USA.
http://doi.org/10.54941/ahfe1004779

Abstract: In the rapidly evolving landscape of supply chain (SC) management, the importance of tracking services in overseeing the lifecycle from production to sale cannot be overstated. These services rely on sophisticated systems that monitor vital condition information such as temperature and humidity. However, beyond the technical and mechanical aspects, human factors play a critical role in the operational integrity of these systems. This paper introduces a novel risk assessment methodology for SC tracking, emphasising human error alongside technological and security risks, and integrates motivation and contribution aspects into the SC risk assessment framework. Our methodology is comprehensive, exploring the strategic business and technical requirements of SC tracking systems. It uniquely extends to assess the frequency, nature, and impact of human errors, alongside considering technological aspects. We investigate how human factors interact with elements such as IoT, cloud services, and standard IT systems, potentially leading to security vulnerabilities and operational inefficiencies. By mapping these human-centric risks to key operational components, we provide a comprehensive view of potential threats in SC tracking.In an environment where standardisation efforts in SC risk assessment methodologies are ongoing, our work identifies the necessity for more specialised techniques, particularly those addressing security risks related to tracking and monitoring systems. Given the distributed nature and internet connectivity of these systems, they are inherently susceptible to numerous security challenges, predominantly involving their technological equipment. This underscores the imperative for a targeted risk assessment methodology focusing on the security risks of SC tracking systems, particularly in the context of traceability services and the monitoring of the state of assets in transit. Employing well-known risk assessment standards and threat modelling guides, our methodology scrutinises targeted IT components used in SC tracking systems, their technical characteristics, and realistic threat agents in the SC ecosystem. We aim to evaluate whether security attacks originating from SC-specific threat agents result in tangible security risks against targeted hardware and software components within SC networks.To validate our methodology, we present a proof-of-concept application based on a real-case scenario. This demonstration highlights the versatility of our methodology to accommodate various SC scenarios, such as food, pharmaceuticals, and cold supply chains. The primary advantage of our proposed methodology lies in its ability to integrate risk estimation with the technological attributes of typical SC tracking systems and their operational requirements, which may vary based on the type of goods and services involved.In conclusion, this paper addresses the broader challenges in developing and implementing smart SC tracking systems, with a special emphasis on the integration of human error in these technologically advanced environments. We underscore the significant influence of human factors on the reliability and security of SC tracking systems and the cost implications and potential operational disruptions caused by human factors, thereby highlighting their pivotal role in the overall effectiveness and security of SC ecosystems.