Supply Chain Attacks and Resiliency Mitigations

May 2018
Topics: Cybersecurity, Resiliency, Information Security Architecture
William J. Heinbockel, The MITRE Corporation
Ellen Laderman, The MITRE Corporation
Gloria J. Serrao, The MITRE Corporation
Download PDF (1.63 MB)

Cyber Resiliency Engineering can be applied to systems, missions, business functions, organizations or a cross-organizational mission. In this paper, cyber resiliency is applied to the problem of mitigating supply chain attacks. The adversary’s goals for attacking a supply chain are described using the cyber-attack lifecycle framework and the Department of Defense (DoD) Acquisition lifecycle. Resiliency techniques are recommended considering adversary goals and best options to defend against the attacks. The analysis in this document found that the most effective point to apply cyber resiliency mitigations is the Production and Deployment phase because this reduces the number of attacks overall. The best place to gain information about adversary targets and activities are both the Engineering and Manufacturing Development phase and the Production and Deployment phase. An example of how to apply these resiliency techniques is provided based on the Commercial Solutions for Classified capability package for a Wireless Local Area Network (WLAN).


Publication Search