These capabilities can be exploited in SSC environments in the various disciplines identified so far,
            thus providing the ability to remotely control the components of the different systems.

            With  this  ability  come  additional  vulnerabilities:  on  one  hand,  in  the  shape  of  new  doors  for
            malicious attacks, and on the other, in terms of the significant amount of data generated while
            exchanging information or data that will need to be managed, stored and restored in case of an
            incident. Hence, this constitutes an additional area of potential concern in managing SSCs.

                   Sensor network security
            Sensor  information  should  be  transmitted  outside  through  one  or  more  sensing  nodes,  called
            gateway nodes. Thus, the security of sensor network security should be considered.

            Sensor nodes are deployed in unattended situations, for example, when node resources are severely
            limited  it  is  difficult  to  adopt  sophisticated  security  mechanisms,  or  when  the  node  processing
            capacity  is  weak.  Due  to  these  features,  the  sensor  nodes  can  pose  security  issues  such  as
            intermittent  connection,  vulnerability  to  capture,  or  false  data  being  sent.  In  these  cases,  the
            traditional security mechanisms cannot be applied.

            In these circumstances, the risks are as follows:
            a)      If the sensor network gateway node is controlled by the attacker, it may lead to the loss of
                    security  in  the  sensor  network,  with  subsequent  uncontrolled  access  to  the  existing
                    information through the gateway.
            b)      If the ordinary sensor node is still controlled, but the key is leaked, the attacker could be
                    able to gain control of the node in order to transmit some erroneous data.
            c)      If the ordinary sensor node is controlled, but not the key, then the attacker can discriminate
                    node functions, such as testing temperature, humidity, among others.

                   Bottlenecks of radio frequency identification (RFID) security
            The characteristics of RFID include non‐contact operation, long distance identification, and reading
            without visible light, among others. Due to its nature, RFID technology involves privacy risks. For
            example, information may be illegally collected and the location illegally tracked. Furthermore, RFID
            authentication should also be considered as part of the security strategies.

                   Data
                  Embedding security with data to achieve confidentiality, integrity and authentication

                    o  SSC will need to manage a significant number of smart devices and associated data,
                       together  with  identity  and  services  across  the  entire  supply  chain.  Thus,  it  will  be
                       important to secure smart endpoints and embedded systems in order to ensure these
                       devices to avoid exposing to additional threat vectors and risk.
                    o  Protecting  data  explosion,  including  real‐time  information,  involves  a  sound
                       management approach to storing, protecting, and backing‐up, as well as archiving and
                       retrieving data whenever needed.
                  Data confidentiality issues

                    o  SSC  systems  can  access,  use  and  exchange  sensitive  personal  information,  which,  if
                       disclosed,  could  cause  great  harm  to  individuals.  Typically,  health  care  systems  will
                       include detailed medical history and other sensitive information closely related to the
                       patient's life.





            440                                                      ITU‐T's Technical Reports and Specifications