| dc.description.abstract | Globalization in the hardware supply chain has increased sophisticated hardware security breaches.~Once considered safe and secure in the early phases of the manufacturing life cycle, the semiconductor supply chain has become a convenient target for malicious attackers to take control of the hardware to execute cyber-attacks. Adopting a product integration model with multiple tiers of suppliers, contractors, and distributors spread across the globe optimizes cost and efficiency for original equipment manufacturers (OEM). Although economically beneficial, this model has increased hardware's exposure to supply chain vulnerabilities and challenges, such as counterfeiting, hardware trojan insertion, backdoors, intentional sabotage, and tampering attacks. After the manufacturing phase, the product is deployed in safety-critical industries such as automotive, military, healthcare, aerospace, and defence industries. These sectors' entire ecosystem greatly depends on a trust-based supply chain.~They are largely unaware of the new cyber threats to hardware that might compromise the product's quality, security, and safety.~Compromised hardware with substandard components or malicious modifications deployed in mission-critical sectors is prone to failures before its average life cycle, leading to loss/injury to life, disruption of infrastructure, financial losses, damage to the company's reputation and legal scrutiny.
The cycle of trust placed on suppliers and vendors within the supply chain can be disrupted by educating manufacturers about the risks posed by new threat actors, indicators of compromise and implementing the necessary preventive measures to avoid cyber attacks in the hardware supply chain. Several training programs have been widely adopted to raise awareness of cybersecurity risks. Gamification has proven effective in conveying complex security concepts using innovative and engaging in-game elements to deliver educational content.\
This thesis aims to educate about the different types of cyberattacks in a hardware supply chain by suggesting a gamified tabletop exercise (TTX). This interactive approach is designed to educate about the risks of a trust-based supply chain in a way that actively involves the organizations exposed to such risks, allowing them to deploy necessary countermeasures well in advance to lower the impact of the attacks, ensure business continuity by evaluating and implementing the required policies. | en |
