Abstract The nuclear supply chain attack surface is a large, complex network of interconnected stakeholders and activities. The global economy has widened and deepened the supply chain, resulting in larger numbers of geographically dispersed locations and increased difficulty ensuring the authenticity and security of critical digital assets. Although the nuclear industry has made significant strides in securing facilities from cyber-attacks, the supply chain remains vulnerable. This paper discusses supply chain threats and vulnerabilities that are often overlooked in nuclear cyber supply chain risk analysis. A novel supply chain cyber-attack surface diagram is provided to assist with enumeration of risks and to examine the complex issues surrounding the requirements for securing hardware, firmware, software, and system information throughout the entire supply chain lifecycle. This supply chain cyber-attack surface diagram provides a dashboard that security practitioners and researchers can use to identify gaps in current cyber supply chain practices and develop new risk-informed, cyber supply chain tools and processes.

中文翻译：

---

一种分析核供应链网络攻击面的新方法

摘要 核供应链攻击面是一个由相互关联的利益相关者和活动组成的大型复杂网络。全球经济扩大和深化了供应链，导致更多的地理位置分散，确保关键数字资产的真实性和安全性的难度增加。尽管核工业在保护设施免受网络攻击方面取得了重大进展，但供应链仍然很脆弱。本文讨论了核网络供应链风险分析中经常被忽视的供应链威胁和漏洞。提供了一种新颖的供应链网络攻击表面图，以帮助列举风险并检查围绕保护硬件、固件、软件、和整个供应链生命周期中的系统信息。此供应链网络攻击表面图提供了一个仪表板，安全从业人员和研究人员可以使用该仪表板来识别当前网络供应链实践中的差距，并开发新的风险通知、网络供应链工具和流程。