https://community.isc2.org/t5/Tech-Talk/Supply-chain-a-large-opportunity-for-attacks/m-p/51013#M3490 <P>The linked article, leading back to the actual original work cited, is a good example of the challenges of supply chain risk management (SCRM) in the cyber world. As background, I worked on the original, nascent &nbsp;US Defense Department SCRM program when it was still classified as <EM><A href="https://sgp.fas.org/crs/natsec/R40427.pdf" target="_blank" rel="noopener">Comprehensive National Cybersecurity Initiative</A> #11</EM>. At that time we made the observation, and tried to spread it widely, that in the traditional logistics community supply chain risk is all about risks <STRONG>TO</STRONG> the supply chain, such as damage, theft, delivery delays, transportation issues, intermediate warehouse problems, etc. Markedly different is supply chain risk in the cyber world, where we are concerned with risks <STRONG>THROUGH</STRONG> the supply chain. For our world, the focus is on the reality that the supply chain can become a very effective attack vector against most any operational activity.&nbsp;</P><P>&nbsp;</P><P>The article John linked to, without listing any of the 'important questions" he alluded to, is a good start on becoming aware of how cyber SCRM has become so complex in the past decade.</P><P>&nbsp;</P> Tue, 17 May 2022 11:42:16 GMT CraginS 2022-05-17T11:42:16Z https://community.isc2.org/t5/Tech-Talk/Supply-chain-a-large-opportunity-for-attacks/m-p/50999#M3488 <P>Hi All</P><P>&nbsp;</P><P>Black Asia raises some important questions about supply chain security.</P><P>&nbsp;</P><P><A href="https://www.darkreading.com/risk/black-hat-asia-firmware-supply-chain-woes-plague-device-security" target="_blank">https://www.darkreading.com/risk/black-hat-asia-firmware-supply-chain-woes-plague-device-security</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:11:14 GMT https://community.isc2.org/t5/Tech-Talk/Supply-chain-a-large-opportunity-for-attacks/m-p/50999#M3488 Caute_cautim 2023-10-09T10:11:14Z https://community.isc2.org/t5/Tech-Talk/Supply-chain-a-large-opportunity-for-attacks/m-p/51013#M3490 <P>The linked article, leading back to the actual original work cited, is a good example of the challenges of supply chain risk management (SCRM) in the cyber world. As background, I worked on the original, nascent &nbsp;US Defense Department SCRM program when it was still classified as <EM><A href="https://sgp.fas.org/crs/natsec/R40427.pdf" target="_blank" rel="noopener">Comprehensive National Cybersecurity Initiative</A> #11</EM>. At that time we made the observation, and tried to spread it widely, that in the traditional logistics community supply chain risk is all about risks <STRONG>TO</STRONG> the supply chain, such as damage, theft, delivery delays, transportation issues, intermediate warehouse problems, etc. Markedly different is supply chain risk in the cyber world, where we are concerned with risks <STRONG>THROUGH</STRONG> the supply chain. For our world, the focus is on the reality that the supply chain can become a very effective attack vector against most any operational activity.&nbsp;</P><P>&nbsp;</P><P>The article John linked to, without listing any of the 'important questions" he alluded to, is a good start on becoming aware of how cyber SCRM has become so complex in the past decade.</P><P>&nbsp;</P> Tue, 17 May 2022 11:42:16 GMT https://community.isc2.org/t5/Tech-Talk/Supply-chain-a-large-opportunity-for-attacks/m-p/51013#M3490 CraginS 2022-05-17T11:42:16Z