{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,28]],"date-time":"2026-05-28T04:24:19Z","timestamp":1779942259442,"version":"3.53.1"},"reference-count":58,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T00:00:00Z","timestamp":1769472000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Systems"],"abstract":"<jats:p>In this article, we employed a systematic approach to risk assessment and the adaptation of security measures to explore possibilities for more effective cybersecurity in the supply chains of the armed forces. Our focus was on developing a model with quantified indicators that, on one hand, enable dynamic monitoring of the security status and timely threat detection, while, on the other hand, enhance the resilience of supply chains against cyber threats. Our findings indicate that applying this model enables a comprehensive security risk assessment, the adaptation of protective measures to operational requirements, and the optimization of resources to ensure the uninterrupted functioning of the armed forces. Future research will focus on validating the model in real-world scenarios and adapting it to the specific needs of different organizations.<\/jats:p>","DOI":"10.3390\/systems14020132","type":"journal-article","created":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T15:41:56Z","timestamp":1769528516000},"page":"132","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Developing DEFCHAIN: A Dynamic Framework for Cybersecurity Risk Assessment in Military Supply Chains"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-0166-0801","authenticated-orcid":false,"given":"Mihael","family":"Plevnik","sequence":"first","affiliation":[{"name":"Ministry of Defence, Slovenian Armed Forces, SI-1000 Ljubljana, Slovenia"},{"name":"Faculty of Logistics, University of Maribor, SI-3000 Celje, Slovenia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bojan","family":"Rupnik","sequence":"additional","affiliation":[{"name":"Faculty of Logistics, University of Maribor, SI-3000 Celje, Slovenia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2026,1,27]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Rahayu, S.B., Jusoh, N., Halip, M.H.M., Taib, S.M., and Lee, M.G. (2021, January 13\u201315). A conceptual model of military blockchain for repair parts supply chain management. Proceedings of the 2021 International Conference on Computer & Information Sciences (ICCOINS), Virtual.","DOI":"10.1109\/ICCOINS49721.2021.9497227"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Zhang, H., Nakamura, T., and Sakurai, K. (2019, January 5\u20138). Security and Trust Issues on Digital Supply Chain. Proceedings of the 2019 IEEE International Conference on Dependable, Autonomic and Secure Computing, Pervasive Intelligence and Computing, Cloud and Big Data Computing, and Cyber Science and Technology Congress, Fukuoka, Japan.","DOI":"10.1109\/DASC\/PiCom\/CBDCom\/CyberSciTech.2019.00069"},{"key":"ref_3","first-page":"5678","article-title":"Analyzing and fixing cyber security threats for supply chain management","volume":"4","author":"Lamba","year":"2017","journal-title":"Int. J. Technol. Res. Eng."},{"key":"ref_4","first-page":"1","article-title":"Approach to handling cyber security risks in supply chain of defence sector","volume":"12","author":"Reuben","year":"2019","journal-title":"Ind. Eng. J."},{"key":"ref_5","unstructured":"Herr, T., Lee, J., Loomis, W., and Scott, S. (2025, May 01). Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain. Available online: https:\/\/www.atlanticcouncil.org\/in-depth-research-reports\/report\/breaking-trust-shades-of-crisis-across-an-insecure-software-supply-chain\/."},{"key":"ref_6","unstructured":"Cybersecurity and Infrastructure Security Agency (CISA) (2021). Defending Against Software Supply Chain Attacks."},{"key":"ref_7","unstructured":"(2022). Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (Standard No. NIST SP 800-161 Rev)."},{"key":"ref_8","unstructured":"Bartol, N. (2015). Utilities Telecom Council Cyber Supply Chain Risk Management for Utilities\u2013Roadmap for Implementation, Utilities Telecom Council."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"109338","DOI":"10.1016\/j.ijpe.2024.109338","article-title":"Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains","volume":"275","author":"Kaur","year":"2024","journal-title":"Int. J. Prod. Econ."},{"key":"ref_10","unstructured":"Hou, Y., Such, J., and Rashid, A. (2024). Understanding Security Requirements for Industrial Control System Supply Chains, Security Lancaster Institute, Lancaster University."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"19","DOI":"10.22215\/timreview\/887","article-title":"Building cyber-resilience into supply chains","volume":"5","author":"Davis","year":"2015","journal-title":"Technol. Innov. Manag. Rev."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"28","DOI":"10.22215\/timreview\/888","article-title":"Cybersecurity and cyber-resilient supply chains","volume":"5","author":"Boyes","year":"2015","journal-title":"Technol. Innov. Manag. Rev."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"do Amaral, T.M.S., and Gondim, J.J.C. (2021, January 18\u201319). Integrating Zero Trust in the cyber supply chain security. Proceedings of the 6th Workshop on Communication Networks and Power Systems (WCNPS), Brasilia, Brazil.","DOI":"10.1109\/WCNPS53648.2021.9626299"},{"key":"ref_14","first-page":"103","article-title":"Cyber security risks in globalized supply chains: Conceptual framework","volume":"13","author":"Pandey","year":"2020","journal-title":"J. Glob. Oper. Strateg. Sourc."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Yeboah-Ofori, A., and Islam, S. (2019). Cyber security threat modeling for supply chain organizational environments. Future Internet, 11.","DOI":"10.3390\/fi11030063"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Yeboah-Ofori, A., Islam, S., and Yeboah-Boateng, E. (2019, January 29\u201331). Cyber threat intelligence for improving cyber supply chain security. Proceedings of the International Conference on Cyber Security and Internet of Things (ICSIoT), Accra, Ghana.","DOI":"10.1109\/ICSIoT47925.2019.00012"},{"key":"ref_17","unstructured":"Cantrell, B. (2025, May 01). Regulations are Forcing Organizations to Address Software Supply Chain Security. Available online: https:\/\/www.scmr.com\/article\/regulations-are-forcing-organizations-to-address-software-supply-chain-security."},{"key":"ref_18","unstructured":"(2025, June 01). Prevalent The Third-Party Risk Management Compliance Handbook\u2014Part II: Industry Standards & Guidelines. Available online: https:\/\/info.mitratech.com\/hubfs\/Other\/M-and-A\/Prevalent\/documents\/resources\/Prevalent-TPRM-Compliance-Handbook-PartII-0721.pdf."},{"key":"ref_19","unstructured":"Centre for Cyber Security DA for DGovernment (2023). Cyber Security in Supplier Relationships: Protect Your Organization When Outsourcing IT Operations in the Entire Process\u2014From Start to Finish, Centre for Cyber Security DA for DGovernment. [2nd ed.]."},{"key":"ref_20","unstructured":"Cabinet Office (2018). Supplier Assurance Framework: Good Practice Guide."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1108\/SCM-02-2020-0073","article-title":"Who cares? Supply chain managers\u2019 perceptions regarding cyber supply chain risk management in the digital transformation era","volume":"27","author":"Creazza","year":"2022","journal-title":"Supply Chain Manag. Int. J."},{"key":"ref_22","unstructured":"Lewis, R., Louvieris, P., Abbott, P., Clewley, N., and Jones, K. (2014, January 9\u201311). Cybersecurity information sharing: A framework for information security management in UK SME supply chains. Proceedings of the Twenty Second European Conference on Information Systems, Tel Aviv, Israel."},{"key":"ref_23","first-page":"18","article-title":"Impacts of Cyber Security and Supply Chain Risk on Digital Operations","volume":"2","year":"2022","journal-title":"Int. J. Technol. Innov. Manag."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"49","DOI":"10.17270\/J.LOG.2021555","article-title":"Cyber security in supply chain management: A systematic review","volume":"17","author":"Latif","year":"2020","journal-title":"LogForum"},{"key":"ref_25","unstructured":"Yeboah-Ofori, A., Addo-Quaye, R., Oseni, W., Amorin, P., and Agangmikre, C. (2021, January 15\u201317). Cyber supply chain security: A cost-benefit analysis using net present value. Proceedings of the 2021 International Conference on Cyber Security and Internet of Things (ICSIoT), Virtual."},{"key":"ref_26","unstructured":"Bradshaw, S. (2017). Combatting Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity, Centre for International Governance Innovation."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"13","DOI":"10.22215\/timreview\/886","article-title":"Cyber-resilience: A strategic approach for supply chain management","volume":"5","author":"Urciuoli","year":"2015","journal-title":"Technol. Innov. Manag. Rev."},{"key":"ref_28","unstructured":"Pellathy, D., and Burnette, M. (2020). Managing Cyber Risks in Global Supply Chains: The Four Fundamentals, The University of Tennessee."},{"key":"ref_29","unstructured":"Levite, A.E. (2019). ICT Supply Chain Integrity: Principles for Governmental and Corporate Policies, Carnegie Endowment for International Peace."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1016\/j.procs.2019.01.108","article-title":"Information systems for supply chain management: Uncertainties, risks and cyber security","volume":"149","author":"Boiko","year":"2019","journal-title":"Procedia Comput. Sci."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"26","DOI":"10.53346\/wjast.2024.5.1.0030","article-title":"Securing the Digital Supply Chain: Cybersecurity Best Practices for Logistics and Shipping Companies","volume":"5","author":"Odimarha","year":"2024","journal-title":"World J. Adv. Sci. Technol."},{"key":"ref_32","first-page":"73","article-title":"A review of potential threats in supply chain cyber security","volume":"7","author":"Sarumi","year":"2021","journal-title":"J. Behav. Inform. Digit. Humanit. Dev. Res."},{"key":"ref_33","unstructured":"Herr, T., Loomis, W., Schroeder, E., Scott, S., Handler, S., and Zuo, T. (2021). Broken Trust: Lessons from Sunburst, Atlantic Council."},{"key":"ref_34","first-page":"537","article-title":"Software supply chain attacks, a threat to global cybersecurity: SolarWinds\u2019 case study","volume":"11","year":"2021","journal-title":"Int. J. Saf. Secur. Eng."},{"key":"ref_35","unstructured":"Department of the Environment, Climate, Communications (2021). Electronic Communications Security Measures 009\u2014Supply Chain Security v1."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1145\/3588999","article-title":"Security threats, countermeasures, and challenges of digital supply chains","volume":"55","author":"Hammi","year":"2023","journal-title":"ACM Comput. Surv."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1598","DOI":"10.51594\/ijmer.v6i5.1125","article-title":"Strategies for protecting IT supply chains against cybersecurity threats","volume":"6","author":"Adenekan","year":"2024","journal-title":"Int. J. Manag. Entrep. Res."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"47322","DOI":"10.1109\/ACCESS.2020.2978815","article-title":"Additive Manufacturing Cyber-Physical System: Supply Chain Cybersecurity and Risks","volume":"8","author":"Gupta","year":"2020","journal-title":"IEEE Access"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Sobb, T., Turnbull, B., and Moustafa, N. (2020). Supply Chain 4. 0: A Survey of Cyber Security Challenges, Solutions and Future Directions. Electronics, 9.","DOI":"10.3390\/electronics9111864"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Leligou, H.C., Lakka, A., Karkazis, P.A., Costa, J.P., Tordera, E.M., Santos, H.M.D., and Romero, A.A. (2024). Cybersecurity in supply chain systems: The farm-to-fork use case. Electronics, 13.","DOI":"10.3390\/electronics13010215"},{"key":"ref_41","unstructured":"MITRE Corporation (2021). System of Trust: A Framework for Supply Chain Security, MITRE Corporation."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Masip-Bruin, X., Mar\u00edn-Tordera, E., Ruiz, J., Jukan, A., Trakadas, P., Cernivec, A., Lioy, A., L\u00f3pez, D., Santos, H., and Gonos, A. (2021). Cybersecurity in ICT supply chains: Key challenges and a relevant architecture. Sensors, 21.","DOI":"10.3390\/s21186057"},{"key":"ref_43","first-page":"79","article-title":"Enabling the Development and Deployment of NATO Cyber Operations: An Analysis of Modern Cyber Warfare Operations and Thresholds of Global Conflict","volume":"16","author":"Hammock","year":"2017","journal-title":"J. Inf. Warf."},{"key":"ref_44","unstructured":"Kramer, F.D., and Teplinsky, M.J. (2013). Cybersecurity and Tailored Deterrence, Atlantic Council of the United States."},{"key":"ref_45","unstructured":"Falk, C.D. (2022). Cyber Supply Chain Security and the Swedish Security Protected Procurement with Security Protective Agreement. [Master\u2019s Thesis, Department of Computer and Systems Sciences, Stockholm University]."},{"key":"ref_46","unstructured":"Reinsch, W.A., Benson, E., and Arasasingham, A. (2025, May 01). Securing Semiconductor Supply Chains: An Affirmative Agenda for International Cooperation. Available online: https:\/\/www.hinrichfoundation.com\/research\/how-to-use-it\/securing-semiconductor-supply-chains."},{"key":"ref_47","first-page":"15","article-title":"Hackers putting global supply chain at risk","volume":"105","author":"Carter","year":"2020","journal-title":"Natl. Def."},{"key":"ref_48","unstructured":"Rosenzweig, P., and Waldron, K. (2019). Broadening the Lens on Supply Chain Security in the Cyber Domain, R Street Institute."},{"key":"ref_49","first-page":"15","article-title":"New Cyber Rules to Safeguard Supply Chain","volume":"101","author":"Sanchez","year":"2017","journal-title":"Natl. Def."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Coufal\u00edkov\u00e1, A., Klaban, I., and \u0160lajs, T. (2021, January 8\u201311). Complex strategy against supply chain attacks. Proceedings of the 2021 International Conference on Military Technologies (ICMT), Brno, Czech Republic.","DOI":"10.1109\/ICMT52455.2021.9502768"},{"key":"ref_51","unstructured":"Burnson, P. (2025, May 01). New Deloitte Study Identifies Cyber Vulnerabilities in Manufacturing Supply Chains. Available online: https:\/\/www.scmr.com\/article\/new_deloitte_study_identifies_cyber_vulnerabilities_in_manufacturing_supply."},{"key":"ref_52","unstructured":"Warrick, T., Durkovich, C., and Massa, M. (2020). DHS\u2019s Public-Private Partnerships Are Unique and Should Be Modernized to Effectively Counter the Threats of the 2020s. Future of DHS Project: Key Findings and Recommendations, Atlantic Council."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"354","DOI":"10.1016\/j.technovation.2014.01.005","article-title":"Cyber supply chain security practices DNA\u2014Filling in the puzzle using a diverse set of disciplines","volume":"34","author":"Bartol","year":"2014","journal-title":"Technovation"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Wallis, T., and Dorey, P. (2023). Implementing Partnerships in Energy Supply Chain Cybersecurity Resilience. Energies, 16.","DOI":"10.3390\/en16041868"},{"key":"ref_55","first-page":"36","article-title":"Interorganizational cooperation in supply chain cybersecurity: A cross-industry study of the effectiveness of the UK implementation of the NIS directive","volume":"48","author":"Wallis","year":"2021","journal-title":"Inf. Secur. Int. J."},{"key":"ref_56","unstructured":"United Kingdom Ministry of Defence (2025, April 01). Joint Concept Note 1\/20: Multi-Domain Integration, Available online: https:\/\/assets.publishing.service.gov.uk\/media\/6579c11a254aaa000d050c6e\/20201112-ARCHIVE_JCN_1_20_MDI_Official.pdf."},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"(2022). Information Security, Cybersecurity and Privacy Protection (Standard No. ISO\/IEC 27001:2022).","DOI":"10.2307\/j.ctv30qq13d"},{"key":"ref_58","unstructured":"(2020). Zero Trust Architecture (Standard No. NIST SP 800-207)."}],"container-title":["Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-8954\/14\/2\/132\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T05:14:23Z","timestamp":1770873263000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-8954\/14\/2\/132"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,27]]},"references-count":58,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["systems14020132"],"URL":"https:\/\/doi.org\/10.3390\/systems14020132","relation":{},"ISSN":["2079-8954"],"issn-type":[{"value":"2079-8954","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,27]]}}}