The growing interconnectedness of digital services and infrastructures creates tight and recursive security inter-dependencies between their providers, which are challenging to address due to the fragmentation of cybersecurity operations. Secure and reliable operation of the whole chain requires each provider to improve the security posture of its suppliers. However, the existing practice is largely based on human interaction for disclosing vulnerabilities, reporting alerts, and suggesting remediation, which has proven to be largely ineffective and risky.

The existing fragmentation of cybersecurity operations prevents a common and coherent strategy for the entire chain and leaves many open issues:

Multi-ownership, which hinders mitigation of and response to attacks originating in other domains in the absence of collaboration from the owner

Dynamic, partially unknown, and opaque topologies, which hinder a complete and holistic assessment of vulnerabilities, the prediction of the impact of changes, and the localization and tracking of data

Little or no visibility and control over services and infrastructures operated by third parties

Lateral movement between services, which exploits security controls that are weak because of the business relationships in place

Broad attack surface, due to weak links in the chain that lack strong security policies