Masaki Iwasaki , ''Fortifying the weakest link: cybersecurity coordination in supply chains and competition rules'', International Cybersecurity Law Review(2023).
<Abstract>
In recent years, companies in supply chains have faced increased cy-berattacks, exploiting both their interdependencies with other firms and disparities in their cybersecurity measures. The strategies of attacks vary, with some targeting small and medium-sized suppliers to halt essential product deliveries to lead firms, and others leveraging these suppliers to penetrate the systems of major corporations. To enhance the cybersecurity of supply chains, coordination between companies under the guidance of lead firms is crucial. However, actions by lead companies, such as imposing cybersecurity-related costs on trading partners without their consent, could be deemed an abuse of a superior bargaining position or economic dependency, which is prohibited under the competition laws of many countries. Using the guidelines of the Japan Fair Trade Commission as a case study, this paper elucidates how to address coordination issues related to cybersecurity in supply chains while maintaining compliance under competition law. Moreover, by introducing recent cyberattack incidents on supply chains in Japan that caused significant damages, this paper underscores the importance of collaborative defense.
<Keywords>
Value chain , Cyberattack , Interdependent security , Ransomware, Abuse of a superior bargaining position
Masaki Iwasaki , ''Fortifying the weakest link: cybersecurity coordination in supply chains and competition rules'', International Cybersecurity Law Review(2023).
<Abstract>
In recent years, companies in supply chains have faced increased cy-berattacks, exploiting both their interdependencies with other firms and disparities in their cybersecurity measures. The strategies of attacks vary, with some targeting small and medium-sized suppliers to halt essential product deliveries to lead firms, and others leveraging these suppliers to penetrate the systems of major corporations. To enhance the cybersecurity of supply chains, coordination between companies under the guidance of lead firms is crucial. However, actions by lead companies, such as imposing cybersecurity-related costs on trading partners without their consent, could be deemed an abuse of a superior bargaining position or economic dependency, which is prohibited under the competition laws of many countries. Using the guidelines of the Japan Fair Trade Commission as a case study, this paper elucidates how to address coordination issues related to cybersecurity in supply chains while maintaining compliance under competition law. Moreover, by introducing recent cyberattack incidents on supply chains in Japan that caused significant damages, this paper underscores the importance of collaborative defense.
<Keywords>
Value chain , Cyberattack , Interdependent security , Ransomware, Abuse of a superior bargaining position