Skip to main content Skip to navigation

De-risking data sharing in the supply chain

-- Success Story --

De-risking data sharing in the supply chain

Connected machinery and smart factories are becoming more widespread in industry. Sharing information and sensory data up and down supply chains has the potential to offer a step-change in productivity. But the associated cyber security risks put many companies off adopting these practices.


The Secure IoT-enabled Data across the Supply Chain (SIDS) project, funded by WMG Centre High Value Manufacturing (HVM) Catapult, aimed to develop a set of principles of cyber secure data sharing in a networking infrastructure, such as a manufacturing supply chain. By demonstrating these principles, our research team, led by Professor Carsten Maple, hoped to allow businesses to take a risk-based approach to data sharing, encouraging industries to be more connected.

Professor Maple explains: “The SIDS project is an integral component of our work in designing secure and resilient supply chains, building upon our Innovate UK-funded Protecting Data in Industry project and continued through projects such as the EPSRC-funded RAMONA project. Within a smart factory, you are in control of your own data. But if you start to add other parties into that, you need to understand what the risks are and how to mitigate them. For example, if you can turn your production system on via a mobile phone, you need to know the cyber security credentials of the network provider, the phone manufacturer, the app developer and so on.”


Professor Maple and his team have a long-standing research partnership with smart infrastructure solutions company Costain, to explore and apply the principles of secure data sharing.

Kevin Reeves, Director of IoT & Digital Twin at Costain, is an Honorary Research Fellow at WMG and he has been working with us to understand how digital manufacturing and production-based approaches can be applied to design and build activities in infrastructure projects as part of a digital transformation programme at Costain.

Kevin explains: “In production, it is all about repeatability. At Costain, we wanted to introduce a greater degree of standardisation into infrastructure projects. This will mean quicker mobilisation, fewer training costs, standard digital tools and services across the business. Doing this means integrating systems with suppliers and clients, which brings new challenges and the need for tighter security.”

Using the principles of secure data sharing developed in the SIDS project, Kevin worked with our Cyber Security research team to create a digital blueprint of their enterprise system, so that they could assess their vulnerability to cyber-attacks, and shore-up their system, giving assurance to the entire supply chain.


This partnership between Kevin and WMG has supported Costain in achieving the Cyber Essential Plus Scheme accreditation via the National Cyber Security Centre (NCSC), as well as the globally recognised cyber security international standard, ISO 27001. Costain have now created a specialist cyber security team to continue learning about new cyber threats as they emerge.

This is a big boost to their business. Kevin comments: “Our clients increasingly require cyber security credentials before being willing to integrate their systems with ours. While this is a huge opportunity, data sharing and privacy is a massive challenge for industry, and it’s been exacerbated by the increase in remote working due to Covid-19.”

Professor Maple and his team believe one of the challenges for the future will be ensuring the right skills to support integration of supply chains in the future. While these practices offer huge opportunities for businesses to grow and increase competitiveness in the global market, the challenges are increasing in line. The threat landscape is always evolving, with remote working and increasing digitisation of infrastructure all becoming targets for hackers.

--take the next step--

Find out how to start your own success story

-- You might also be interested in --