Subject Matter Experts' Feedback on Cybersecurity Footprint Index Measures to Assess Organizational Cyber Posture of Manufacturing Companies

John Del Vecchio; Yair Levy; Ling Wang; Ajoy Kumar

doi:10.1007/978-3-031-86637-1_21

Subject Matter Experts' Feedback on Cybersecurity Footprint Index Measures to Assess Organizational Cyber Posture of Manufacturing Companies

John Del Vecchio
, Yair Levy
, Ling Wang
, Ajoy Kumar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Manufacturing is one of the 16 critical infrastructure sectors designated by the United States government. Manufacturing is known for complex integrated Information Systems (ISs) deeply embedded into production operations, such that disruptions to manufacturing companies can result in substantial financial losses and impacts across both economic and safety domains in society. Interconnectedness among companies within the manufacturing sector often leads to inherited cybersecurity vulnerabilities, in which exploits on an entity can cascade to others. Many of these ISs are procured and maintained by third-party entities, often called interconnected entities within the supply chain. Notable data breaches have originated from cyber-attacks on these third parties, causing significant business impacts by misusing sensitive company information. Consequently, the Theory of Cybersecurity Footprint formulates the core of this study, highlighting the relationship among interconnected entities and the potential ripple effects one organization can have on another, irrespective of size. To mitigate these risks, it is imperative to enhance cybersecurity practices to assess supply chain cybersecurity posture and manage the risks from lower-tier interconnected entities to the originating organization. The overarching aim of this study is to devise an index to measure the cyber posture of manufacturing organizations based on their interconnected entities. In this paper, we outline the results of the first phase with 30 Subject Matter Experts (SMEs) participated in a survey intended to determine the number of tiers to assess in the supply chain and establish the importance of the tiers, domains, and elements in evaluating an organization’s cyber posture. This research outlines measures aligned with the CMMC 2.0 Level 1 standards, presented within a hierarchical index structure and the resulting SME weights calculated for the domains and associated elements.

Original language	English
Title of host publication	Security And Management And Wireless Networks, Sam 2024, Icwn 2024
Editors	K Daimi, HR Arabnia, L Deligiannidis
Pages	280-295
Number of pages	16
DOIs	https://doi.org/10.1007/978-3-031-86637-1_21
State	Published - 2025

Funding

This publication was supported by the U.S. Department of Defense (DoD), managed by the National Security Agency (NSA), award number H98230-22-1-0262.

Keywords

Supply chain risks
Cybersecurity footprint
Data breach
Index model
Interconnected entities
Manufacturing

Access to Document

10.1007/978-3-031-86637-1_21

Cite this

Del Vecchio, J., Levy, Y., Wang, L., & Kumar, A. (2025). Subject Matter Experts' Feedback on Cybersecurity Footprint Index Measures to Assess Organizational Cyber Posture of Manufacturing Companies. In K. Daimi, HR. Arabnia, & L. Deligiannidis (Eds.), Security And Management And Wireless Networks, Sam 2024, Icwn 2024 (pp. 280-295) https://doi.org/10.1007/978-3-031-86637-1_21

Subject Matter Experts' Feedback on Cybersecurity Footprint Index Measures to Assess Organizational Cyber Posture of Manufacturing Companies. / Del Vecchio, John; Levy, Yair ; Wang, Ling et al.
Security And Management And Wireless Networks, Sam 2024, Icwn 2024. ed. / K Daimi; HR Arabnia; L Deligiannidis. 2025. p. 280-295.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

@inproceedings{40171b831a414cd3894005fa76433f05,

title = "Subject Matter Experts' Feedback on Cybersecurity Footprint Index Measures to Assess Organizational Cyber Posture of Manufacturing Companies",

abstract = "Manufacturing is one of the 16 critical infrastructure sectors designated by the United States government. Manufacturing is known for complex integrated Information Systems (ISs) deeply embedded into production operations, such that disruptions to manufacturing companies can result in substantial financial losses and impacts across both economic and safety domains in society. Interconnectedness among companies within the manufacturing sector often leads to inherited cybersecurity vulnerabilities, in which exploits on an entity can cascade to others. Many of these ISs are procured and maintained by third-party entities, often called interconnected entities within the supply chain. Notable data breaches have originated from cyber-attacks on these third parties, causing significant business impacts by misusing sensitive company information. Consequently, the Theory of Cybersecurity Footprint formulates the core of this study, highlighting the relationship among interconnected entities and the potential ripple effects one organization can have on another, irrespective of size. To mitigate these risks, it is imperative to enhance cybersecurity practices to assess supply chain cybersecurity posture and manage the risks from lower-tier interconnected entities to the originating organization. The overarching aim of this study is to devise an index to measure the cyber posture of manufacturing organizations based on their interconnected entities. In this paper, we outline the results of the first phase with 30 Subject Matter Experts (SMEs) participated in a survey intended to determine the number of tiers to assess in the supply chain and establish the importance of the tiers, domains, and elements in evaluating an organization{\textquoteright}s cyber posture. This research outlines measures aligned with the CMMC 2.0 Level 1 standards, presented within a hierarchical index structure and the resulting SME weights calculated for the domains and associated elements.",

keywords = "Supply chain risks, Cybersecurity footprint, Data breach, Index model, Interconnected entities, Manufacturing",

author = "\{Del Vecchio\}, John and Yair Levy and Ling Wang and Ajoy Kumar",

year = "2025",

doi = "10.1007/978-3-031-86637-1\_21",

language = "English",

isbn = "978-3-031-86636-4",

pages = "280--295",

editor = "K Daimi and HR Arabnia and L Deligiannidis",

booktitle = "Security And Management And Wireless Networks, Sam 2024, Icwn 2024",

}

TY - GEN

T1 - Subject Matter Experts' Feedback on Cybersecurity Footprint Index Measures to Assess Organizational Cyber Posture of Manufacturing Companies

AU - Del Vecchio, John

AU - Levy, Yair

AU - Wang, Ling

AU - Kumar, Ajoy

PY - 2025

Y1 - 2025

N2 - Manufacturing is one of the 16 critical infrastructure sectors designated by the United States government. Manufacturing is known for complex integrated Information Systems (ISs) deeply embedded into production operations, such that disruptions to manufacturing companies can result in substantial financial losses and impacts across both economic and safety domains in society. Interconnectedness among companies within the manufacturing sector often leads to inherited cybersecurity vulnerabilities, in which exploits on an entity can cascade to others. Many of these ISs are procured and maintained by third-party entities, often called interconnected entities within the supply chain. Notable data breaches have originated from cyber-attacks on these third parties, causing significant business impacts by misusing sensitive company information. Consequently, the Theory of Cybersecurity Footprint formulates the core of this study, highlighting the relationship among interconnected entities and the potential ripple effects one organization can have on another, irrespective of size. To mitigate these risks, it is imperative to enhance cybersecurity practices to assess supply chain cybersecurity posture and manage the risks from lower-tier interconnected entities to the originating organization. The overarching aim of this study is to devise an index to measure the cyber posture of manufacturing organizations based on their interconnected entities. In this paper, we outline the results of the first phase with 30 Subject Matter Experts (SMEs) participated in a survey intended to determine the number of tiers to assess in the supply chain and establish the importance of the tiers, domains, and elements in evaluating an organization’s cyber posture. This research outlines measures aligned with the CMMC 2.0 Level 1 standards, presented within a hierarchical index structure and the resulting SME weights calculated for the domains and associated elements.

AB - Manufacturing is one of the 16 critical infrastructure sectors designated by the United States government. Manufacturing is known for complex integrated Information Systems (ISs) deeply embedded into production operations, such that disruptions to manufacturing companies can result in substantial financial losses and impacts across both economic and safety domains in society. Interconnectedness among companies within the manufacturing sector often leads to inherited cybersecurity vulnerabilities, in which exploits on an entity can cascade to others. Many of these ISs are procured and maintained by third-party entities, often called interconnected entities within the supply chain. Notable data breaches have originated from cyber-attacks on these third parties, causing significant business impacts by misusing sensitive company information. Consequently, the Theory of Cybersecurity Footprint formulates the core of this study, highlighting the relationship among interconnected entities and the potential ripple effects one organization can have on another, irrespective of size. To mitigate these risks, it is imperative to enhance cybersecurity practices to assess supply chain cybersecurity posture and manage the risks from lower-tier interconnected entities to the originating organization. The overarching aim of this study is to devise an index to measure the cyber posture of manufacturing organizations based on their interconnected entities. In this paper, we outline the results of the first phase with 30 Subject Matter Experts (SMEs) participated in a survey intended to determine the number of tiers to assess in the supply chain and establish the importance of the tiers, domains, and elements in evaluating an organization’s cyber posture. This research outlines measures aligned with the CMMC 2.0 Level 1 standards, presented within a hierarchical index structure and the resulting SME weights calculated for the domains and associated elements.

KW - Supply chain risks

KW - Cybersecurity footprint

KW - Data breach

KW - Index model

KW - Interconnected entities

KW - Manufacturing

UR - https://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=novaseuniv&SrcAuth=WosAPI&KeyUT=WOS:001509600700047&DestLinkType=FullRecord&DestApp=WOS_CPL

U2 - 10.1007/978-3-031-86637-1_21

DO - 10.1007/978-3-031-86637-1_21

M3 - Conference contribution

SN - 978-3-031-86636-4

SP - 280

EP - 295

BT - Security And Management And Wireless Networks, Sam 2024, Icwn 2024

A2 - Daimi, K

A2 - Arabnia, HR

A2 - Deligiannidis, L

ER -

Subject Matter Experts' Feedback on Cybersecurity Footprint Index Measures to Assess Organizational Cyber Posture of Manufacturing Companies

Abstract

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this