Title:
Authors:

Abstract: Supply chain cybersecurity in critical
infrastructure is commonly framed as a third-party risk management problem
addressed through vendor assessments, contractual controls, and compliance
checklists. While these mechanisms provide necessary baseline assurance, they
are insufficient to detect and mitigate systemic cyber risk in highly
interdependent infrastructure ecosystems. In sectors such as healthcare and
energy, cybersecurity risk increasingly emerges from the structure of
interdependencies among internal organizational units, shared digital services,
and tightly coupled supplier relationships rather than from isolated vendor
weaknesses. This conceptual article reframes supply chain cybersecurity as an
emergent system property shaped by dependency topology, coupling strength, and
governance alignment. Drawing on systems theory, interdependence, and cascading
failure concepts, the paper explains why transactional, vendor-centric
approaches routinely underestimate exposure and fail to anticipate propagation
pathways. A systems-informed governance perspective is proposed to support
executive oversight, resilience planning, and policy development in critical
infrastructure supply chains. The contribution advances theoretical
understanding while offering a practical governance lens for leaders seeking to
reduce cascading cyber risk across complex socio-technical ecosystems.

DOI: http://dx.doi.org/10.51505/ijaemr.2026.11209