Impact of Supply-Chain Compromise on Cyber-Physical Systems: A Risk-Based Framework for Nigeria’s Critical Information Infrastructure

Authors

  • Rilwanu Saidu, Center for Cybersecurity Studies, Nasarawa State University, Keffi
  • Asmau Rabiu Abdullahi, Center for Cybersecurity Studies, Nasarawa State University, Keffi
  • Emmanuel Danjuma Onoja, Center for Cybersecurity Studies, Nasarawa State University, Keffi, Nigeria
  • Dr. Victor Emmanuel Kulugh, Department of Cybersecurity, Bingham University, Karu, Nigeria

Keywords:

Supply Chain Security, Cyber-Physical Systems, Nigeria Telecommunications Infrastructure, Critical Infrastructure Protection, Risk Management Frameworks

Abstract

Supply-chain compromise has become a major source of systemic cyber risk because trusted vendors, 
firmware updates, managed service providers and third-party components can transmit vulnerabilities 
across organisational boundaries and into cyber-physical systems. This study develops a Unified Risk 
Management Framework (URMF) for assessing and mitigating supply-chain-to-cyber-physical-system 
risks in Nigeria’s telecommunications sector. The study adopts a qualitative design-science 
methodology combining documentary analysis, global case-study synthesis, dependency mapping, 
semi-structured expert interviews and scenario-based tabletop validation. Evidence was drawn from 
regulatory documents, vendor-related materials, international standards, open-source infrastructure 
information and interviews with stakeholders from regulatory, operational, vendor and cybersecurity
practitioner communities. Global incidents, including SolarWinds, NotPetya and Stuxnet, were 
analysed to identify transferable compromise pathways relevant to Nigeria’s telecommunications 
environment. The analysis shows that Nigeria’s telecommunications sector is exposed to supply-chain 
risks arising from foreign vendor dependence, limited public disclosure of procurement specifications, 
multi-vendor network complexity, constrained forensic capability, weak visibility into firmware 
provenance and uneven incident-escalation procedures. The tabletop exercises confirmed the practical 
value of the URMF while identifying persistent gaps in vendor access logging, patch-verification 
speed, escalation clarity and evidence-preservation capacity. The paper contributes by reframing 
supply-chain compromise as a cyber-physical resilience problem in an African telecommunications 
context; by showing how global supply-chain incidents can be translated cautiously into locally 
relevant risk scenarios; and by proposing a phased, stakeholder-informed URMF that integrates 
governance, technical assurance, vendor accountability, firmware integrity, SBOM adoption and 
incident-response coordination.

Author Biographies

  • Asmau Rabiu Abdullahi, Center for Cybersecurity Studies, Nasarawa State University, Keffi

    Department of Computer Science, Nasarawa State University, Keffi

  • Dr. Victor Emmanuel Kulugh, Department of Cybersecurity, Bingham University, Karu, Nigeria

    Department of Cybersecurity, Bingham University, Karu, Nigeria
    Lecturer 1

Published

2026-06-03

Section

Articles