REFERENCES

1. Boyens J, Smith A, Bartol N, Winkler K, Holbrook A, Fallon M. Cybersecurity supply chain risk management practices for systems and organizations. Technical report, National Institute of Standards and Technology, 2022. Available from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf[Last accessed on 27 Oct 2022].

2. Humayed A, Lin J, Li F, Luo B. Cyber-physical systems security — a survey. IEEE Int Things J 2017;4:1802-31.

3. Thakur K, Ali ML, Jiang N, Qiu M. Impact of cyber-attacks on critical infrastructure. In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), IEEE, 2016, 183–186.

4. Kavallieratos G, Katsikas S. Attack path analysis for cyber physical systems. In: Katsikas S, Cuppens F, Cuppens N, Lambrinoudakis C, Kalloniatis C, Mylopoulos J, Antón A, Gritzalis S, Meng W, Furnell S, editors. Computer security. Cham: Springer International Publishing; 2020, pp. 19-33.

5. Filho NG, Rego N, Claro J. Supply chain flows and stocks as entry points for cyber-risks. Proc Comp Sci 2021;181:261-8.

6. Mensah P, Merkuryev Y. Developing a resilient supply chain. Proc Soc behav sci 2014;110:309-19.

7. Warren M, Hutchinson W. Cyber attacks against supply chain management systems: a short note. Int J Phys Distrib Logist Manag 2000;30:710-6.

8. Polatidis N, Pavlidis M, Mouratidis H. Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Comp Stand Interfaces 2018;56:74-82.

9. Ho W, Zheng T, Yildiz H, Talluri S. Supply chain risk management: a literature review. Int J Prod Res 2015;53:5031-69.

10. ISO International Organization for Standardization. Iso 31000: 2018 risk management - guidelines. 2018. Available from: https://www.is o.org/standard/65694.html[Last accessed on 27 Oct 2022].

11. Stellios I, Kotzanikolaou P, Grigoriadis C. Assessing iot enabled cyber-physical attack paths against critical systems. Comp Secur 2021;107:102316.

12. Spathoulas G, Kavallieratos G, Katsikas S, Baiocco A. Attack path analysis and cost-efficient selection of cybersecurity controls for complex cyberphysical systems. In: Katsikas S, Lambrinoudakis C, Cuppens N, Mylopoulos J, Kalloniatis C, Meng W, Furnell S, Pallas F, Pohle J, Sasse MA, Abie H, Ranise S, Verderame L, Cambiaso E, Maestre Vidal J, Sotelo Monge MA, editors. Computer Security. ESORICS 2021 international workshops. Cham: Springer International Publishing; 2022. pp. 74-90.

13. Kavallieratos G, Spathoulas G, Katsikas S. Cyber risk propagation and optimal selection of cybersecurity controls for complex cyberphysical systems. Sensors 2021;21:1691.

14. Official common platform enumeration (cpe) dictionary. Available from: https://nvd.nist.gov/products/cpe[Last accessed on 14 Oct 2022].

15. MITRE. Common vulnerabilities and exposures (CVE). Available from: https://cve.mitre.org/[Last accessed on 14 Oct 2022].

16. FIRST. Common vulnerability scoring system (CVSS). Available from: https://www.first.org/cvss/[Last accessed on 14 Oct 2022].

17. Microsoft. Chapter 3 – threat modeling. 2010. Available from: https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff64864 4(v=pandp.10)?redirectedfrom=MSDN[Last accessed on 14 Oct 2022].

18. Shostack A. Threat modeling: designing for security. John Wiley & Sons, 2014. Available from: https://www.wiley.com/en-us/Threat +Modeling%3A+Designing+for+Security-p-9781118809990#permission-section[Last accessed on 27 Oct 2022].

19. Kavallieratos G, Katsikas S, Gkioulos V. Cyber-attacks against the autonomous ship. In: Katsikas SK, Cuppens F, Cuppens N, Lambrinoudakis C, Antón A, Gritzalis S, Mylopoulos J, Kalloniatis C, editors. Computer security. Cham: Springer International Publishing; 2019. pp. 20-36.

20. Seifert D, Reza H. A security analysis of cyber-physical systems architecture for healthcare. Computers 2016;5:27.

21. Rafiullah Khan, Kieran McLaughlin, David Laverty, and Sakir Sezer. Stride-based threat modeling for cyber-physical systems. In 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), IEEE, 2017, pp 1–6.

22. Goldberg DE. Genetic algorithms in search, optimization and machine learning. boston. usa. 1989. Available from: https://www.semantic scholar.org/paper/Genetic-Algorithms-in-Search-Optimization-and-Goldberg/2e62d1345b340d5fda3b092c460264b9543bc4b5[Last accessed on 27 Oct 2022].

23. Blickle T, Thiele L. A comparison of selection schemes used in evolutionary algorithms. Evolut Comp 1996;4:361-94.

24. Kott A, Ludwig J, Lange M. Assessing mission impact of cyberattacks: toward a model-driven paradigm. IEEE Secur Priv 2017;15:65-74.

25. Lyu X, Ding Y, Yang S. Bayesian network based c2p risk assessment for cyber-physical systems. IEEE Access 2020;8:88506-17.

26. Tantawy A, Abdelwahed S, Erradi A, Shaban K. Model-based risk assessment for cyber physical systems security. Computers & Security 2020;96:101864.

27. Abie H, Balasingham I. Risk-based adaptive security for smart iot in ehealth. In Proceedings of the 7th International Conference on Body Area Networks, ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), 2012, pp. 269–275.

28. Seale K, McDonald J, Glisson W, Pardue H, Jacobs M. Meddevrisk: risk analysis methodology for networked medical devices. In Proceedings of the 51st Hawaii International Conference on System Sciences, 2018.

29. Mokalled H, Pragliola C, Debertol D, Meda E, Zunino R. A comprehensive framework for the security risk management of cyber-physical systems. In: Flammini F, editor. Resilience of cyber-physical systems. Cham: Springer International Publishing; 2019. pp. 49-68.

30. Rosado DG, Santos-olmo A, Sánchez LE, et al. Managing cybersecurity risks of cyber-physical systems: The marisma-cps pattern. Comp Industry 2022;142:103715.

31. Sahay R, Meng W, Estay DS, Jensen CD, Barfod MB. Cybership-iot: a dynamic and adaptive sdn-based security policy enforcement framework for ships. Future Gener Comp Syst 2019;100:736-50.

32. Orojloo H, Azgomi MA. A method for evaluating the consequence propagation of security attacks in cyber–physical systems. Future Gener Comp Syst 2017;67:57-71.

33. Liu B, Qu G. Vlsi supply chain security risks and mitigation techniques: a survey. Integration 2016;55:438-48.

34. Ghadge A, Weiß M, Caldwell ND, Wilding R. Managing cyber risk in supply chains: a review and research agenda. Supply Chain Manag Int J 2019;25:223-40.

35. Timothy Kieras, Muhammad Junaid Farooq, and Quanyan Zhu. Modeling and assessment of iot supply chain security risks: the role of structural and parametric uncertainties. In 2020 IEEE Security and Privacy Workshops (SPW), IEEE, 2020, pp. 163–170.

36. FIRST. Org. Common vulnerability scoring system v3.1: user guide, 2019. Available from: https://www.first.org/cvss/v3-1/cvss-v31-use r-guide_r1.pdf[Last accessed on 27 Oct 2022].

37. Kavallieratos G, Katsikas S. Managing cyber security risks of the cyber-enabled ship. J Mar Sci Engin 2020;8:768.

38. Rothlauf F. Optimization methods. Design of modern heuristics. Berlin: Springer Berlin Heidelberg; 2011. pp. 45-102.