Supply Chain Attack Framework and Attack PatternsFebruary 2014
Topics: Critical Infrastructure Protection, Government Acquisition, Acquisition Management
During FY13, MITRE conducted an effort on behalf of the Office of the Assistant Secretary of Defense for Systems Engineering to address supply chain attacks relevant to Department of Defense acquisition program protection planning. The objectives of this work were to twofold.
First, we pulled together a comprehensive set of data sources to provide a holistic view of supply chain attacks of malicious insertion that, to date, has not been available.
Second, we generated a catalog of attack patterns that provides a structure for maturing the supply chain risk management aspects of system security engineering, together with potential application approaches for assessing malicious insertion in critical components of DoD systems being acquired or sustained.