| Abstract: | The various technologies presented herein relate to pertaining to
identifying and mitigating risks and attacks on a supply chain. A
computer-implemented representation of a supply chain is generated
comprising nodes (locations) and edges (objects, information). Risk to
attack and different attack vectors can be defined for the various nodes
and edges, and further, based upon the risks and attacks, (difficulty,
consequence) pairs can be determined. One or more mitigations can be
generated to increase a difficulty of attack and/or reduce consequence of
an attack. The one or more mitigations can be constrained, e.g., by cost,
time, etc., to facilitate determination of how feasible a respective
mitigation is to implement with regard to finances available, duration to
implement, etc. A context-free grammar can be utilized to identify one or
more attacks in the supply chain. Further, the risks can undergo a
ranking to enable mitigation priority to be determined. |