(Montreal) Hackers could attack the weakest links in the supply chain and then infiltrate the computer networks of some of the largest companies on the planet, fears an expert from Polytechnique Montreal.
While giants like Apple or Airbus can afford to make their networks virtually impenetrable, said Professor Nora Cuppens, the same is not necessarily true for the hundreds, if not thousands, of suppliers with whom they deal on a regular basis. Malicious actors could therefore decide to attack these small businesses and then trace them back to their large customers.
It is to counter this threat that Polytechnique Montréal announced on Thursday the launch of the activities of the CRITiCAL chair (Cyber-Resilience of Infrastructures of Transport Systems and Logistics Chains), a five-year scientific partnership with the SystemX Institute for Technological Research (IRT), in France.
“The pirates are like, ‘instead of attacking a tightly closed, well-locked car, I’m going to attack a car that I can steal fairly quickly,’ ‘Professor Cuppens explained exclusively to The Canadian Press, who will oversee the activities of this new chair on this side of the Atlantic.
“It is through small SMEs, subcontractors who make up the supply chain, that hackers will reach large groups. […] When you make a system, the hacker will look for a vulnerability in that system, that’s how he does it. And afterwards, from this vulnerability, it will reach its target at the level of a system. ”
Hackers, she continues, know full well that multinationals deploy immense resources and spend colossal sums to protect themselves from unauthorized intrusions and to detect those that do occur. It is therefore more logical and efficient for them to look for a secondary door that is less well locked than to try to enter through the main door.
Professor Cuppens is also head of Polytechnique’s new Maritime Cyber Security Center of Excellence in Canada, dedicated to the cybersecurity of ships and critical maritime infrastructure, announced in January.
Since ships are only one part of the supply chain, it made sense to be interested in others as well, explained Prof Cuppens.
Cyber resilience
The work of the new research chair will revolve around three main axes.
We will first analyze the threat that targets transport and logistics systems, in order to better understand it.
We will also study the contribution of artificial intelligence techniques to strengthen the cyber-resilience of transport and logistics systems. Three sub-projects will be devoted to this axis: the use of reinforcement learning to improve cybersecurity; the resilience of machine learning techniques to adverse attacks; and deterrent techniques for luring hackers.
Finally, we will focus on strengthening and assessing the resilience of transport and logistics systems.
Since the supply chain is made up of tens or hundreds of links possibly distributed around the planet, said Professor Cuppens, it is important to be able to assess how well this chain will be able to withstand the compromise of one of these. these components.
“If you want to solve a problem, you have to ask it,” she summed up. We have to organize ourselves to see to what extent our system is able to configure itself in such a way that if (a) component […] starts behaving maliciously, the system continues anyway. The idea is to have what are called resilience metrics: how is our system able to resist or not? ”
The research will be carried out with co-supervision by the two organizations on the basis of a location shared between the cities of Montreal and Saclay, in France. Six doctoral students, two post-docs and two master’s students will therefore benefit from the supervision of research engineers from IRT SystemX and teacher-researchers from Polytechnique Montréal.