Week 3: Understanding Supply Chain Threats
During the third week of National Supply Chain Integrity Month, CISA is emphasizing the importance of understanding supply chain threats. As technology evolves, so does the threat environment. Of particular importance is securing information and communications technology (ICT) supply chains. With ICT serving as the bedrock for the nation’s critical infrastructure, its supply chains are valuable targets for adversaries seeking to steal, compromise, alter, or destroy sensitive information being stored in and communicated through ICT.
Recent software compromises and other security incidents have revealed how new and inherent vulnerabilities in global supply chains can have cascading impacts that affect all users of ICT within and across organizations, sectors, and the National Critical Functions. To help organizations understand these threats and how to mitigate them, CISA’s ICT Supply Chain Risk Management (SCRM) Task Force developed the Threat Scenarios Report, which provides acquisition and procurement personnel and others with practical, example-based guidance on supplier SCRM threat analysis and evaluation.
Using feedback from end users and stakeholders, the Task Force catalogued the universe of supply chain threats to develop a lexicon compartmentalized into nine categories (e.g., counterfeit parts, economic risks, and external end-to-end supply chain risks). Additionally, the Task Force developed sample scenarios with mitigation controls intended to help an organization strengthen its security posture.
Download and share the ICT SCRM Task Force Threat Scenarios Report.
To learn more about how CISA enhances supply chain resiliency and to view online resources, visit www.cisa.gov/supply-chain-integrity-month.