Supply Chain Security
The strategic trend of prioritizing domestic or regional production and supply chains for national security and economic reasons, contrasting with decades of globalization.
Created at: 8/10/2025, 1:33:38 AM
Last updated: 8/10/2025, 1:35:05 AM
Research retrieved: 8/10/2025, 1:35:05 AM
Summary
Supply chain security encompasses activities designed to enhance the safety of global transport and logistics systems, aiming to facilitate legitimate trade by integrating traditional supply chain management with robust security measures. Its objective is to safeguard against threats such as terrorism, piracy, theft, and increasingly, cyberattacks, ensuring the integrity of facilities, information flow, and the transportation of goods. Key activities include credentialing participants, screening cargo, providing advance notifications, securing goods in transit with locks and seals, and inspecting cargo upon entry. The concept is critical for organizational performance and business continuity, extending to both physical and digital security aspects of products and services. Discussions around supply chain security are also influenced by geopolitical rivalries, such as between the US and China, economic policies like tariffs, and the challenges posed by black markets for high-tech components.
Referenced in 1 Document
Research Data
Extracted Attributes
Scope
Encompasses both digital and physical security aspects of software, services, and products, focusing on risk management of external suppliers, vendors, logistics, and transportation.
Definition
Activities designed to enhance the security of the supply chain or value chain, which includes transport and logistics systems for global cargo.
Importance
Critical for organizational performance and business continuity, as vulnerabilities can emerge at any stage and lead to catastrophic consequences.
Related Concepts
Supply chain management, risk management, cybersecurity, global trade, geopolitical rivalry, economic policies, state-sponsored corporatism.
Primary Objective
To facilitate legitimate trade by combining traditional supply chain management with security requirements driven by threats such as terrorism, piracy, theft, and cyberattacks.
Threats Addressed
Terrorism, piracy, theft, cyberattacks (e.g., ransomware, data breaches like MOVEit and SolarWinds), counterfeit products, human error, and unpatched software vulnerabilities.
Typical Activities
Credentialing of participants, screening and validating cargo contents, advance notification to destination countries, securing cargo in transit (e.g., locks, tamper-proof seals), and inspecting cargo on entry.
Recommended Frameworks
NIST Cybersecurity Framework (CSF) 2.0 for managing cyber risks.
Timeline
- 2020: The SolarWinds attack occurred, highlighting significant cybersecurity vulnerabilities within the supply chain. (Source: Web Search)
- 2023: The MOVEit hack demonstrated ongoing risks of third-party software vulnerabilities in supply chains, and ransomware attacks increased by over 70% in this year. (Source: Web Search)
Wikipedia
Supply chain security
Supply chain security (also "supply-chain security") activities aim to enhance the security of the supply chain or value chain, the transport and logistics systems for the world's cargo and to "facilitate legitimate trade". Their objective is to combine traditional practices of supply-chain management with the security requirements driven by threats such as terrorism, piracy, and theft. A healthy and robust supply chain absent from security threats requires safeguarding against disturbances at all levels such as facilities, information flow, transportation of goods, and so on. A secure supply chain is critical for organizational performance. Typical supply-chain security activities include:
- Credentialing of participants in the supply chain
- Screening and validating of the contents of cargo being shipped
- Advance notification of the contents to the destination country
- Ensuring the security of cargo while in transit, for example through the use of locks and tamper-proof seals
- Inspecting cargo on entry
Web Search Results
- What is Supply Chain Security? | Glossary | HPE
Supply chain security is management of the supply chain that focuses on risk management of external suppliers, vendors, logistics, and transportation. It identifies, analyzes, and mitigates risks associated with working with outside organizations as part of your supply chain.
- Supply Chain Security: Why It's Important & 7 Best Practices
The objective of supply chain security is to identify, evaluate, and mitigate risks that arise when working with third parties in the supply chain. It includes both digital and physical security aspects of software, services, and products. [...] A supply chain is the entirety of physical and software components involved in creating a product. Supply chain security is an aspect of supply chain management focusing on identifying and managing the security risks associated with external vendors, suppliers, transportation, and logistics. [...] The large scale of a modern supply chain increases the potential for security vulnerabilities to emerge at some stage of it, resulting in attack vectors across a large attack surface. Security management is more important than ever, given that a single security incident affecting a third-party vendor can have catastrophic consequences for other organizations further down the supply chain.
- [PDF] Best Practices in Cyber Supply Chain Risk Management
to be less about a technology failure and more about human error. IT security systems won’t secure critical information and intellectual property unless employees throughout the supply chain use secure cybersecurity practices. 3. Security is Security. There should be no gap between physical and cybersecurity. Sometimes the bad guys exploit lapses in physical security in order to launch a cyber attack. By the same token, an attacker looking for ways into a physical location might exploit cyber [...] adopted a variety of practices that help them manage their cyber supply chain risks. These practices include: • Security requirements are included in every RFP and contract. • Once a vendor is accepted in the formal supply chain, a security team works with them on-site to address any vulnerabilities and security gaps. • “One strike and you’re out” policies with respect to vendor products that are either counterfeit or do not match specification. • Component purchases are tightly controlled; [...] National Institute of Standards and Technology Best Practices in Cyber Supply Chain Risk Management Conference Materials Cyber Supply Chain Best Practices In a Nutshell: Cybersecurity in the supply chain cannot be viewed as an IT problem only. Cyber supply chain risks touch sourcing, vendor management, supply chain continuity and quality, transportation security and many other functions across the enterprise and require a coordinated effort to address. Cyber Supply Chain Security
- Best practices for a secure software supply chain | Microsoft Learn
To ensure a secure supply chain of dependencies, you will want to ensure that all of your dependencies & tooling are regularly updated to the latest stable version as they will often include the latest functionality and security patches to known vulnerabilities. Your dependencies can include code you depend on, binaries you consume, tooling you use, and other components. This may include: Visual Studio .NET SDK & Runtime NuGet NuGet packages ## Manage your dependencies [...] There are many methods to attack a supply chain, from directly inserting malicious code as a new contributor, to taking over a contributor’s account without others noticing, or even compromising a signing key to distribute software that is not officially part of the dependency. [...] The use of open source today is significant and is not expected to slow down anytime soon. Given that we are not going to stop using open-source software, the threat to supply chain security is unpatched software. Knowing that, how can you address the risk that a dependency of your project has a vulnerability?
- Top 10 Supply Chain Threats and How to Mitigate Them
Understanding and mitigating supply chain threats will keep the supply chain running smoothly and business continuity. By being proactive with strategies like agile procurement, predictive analytics and robust cybersecurity businesses can build supply chains that can withstand many challenges. [...] Cybersecurity threats are on the rise with the growth of cloud connected supply chains and IoT networks. Ransomware attacks have increased by over 70% in 2023, and are on the road to be higher. High profile incidents like the MOVEit hack in 2023 and the SolarWinds attack in 2020 are a wake up call to the supply chain. To address these threats you need to invest in robust cybersecurity measures which include: [...] Having a strong framework (third party or vendor risk management framework in this case) like the NIST Cybersecurity Framework (CSF) 2.0 is critical for managing cyber risks in the supply chain. Implementing these forward thinking measures including third party risk assessments will protect your supply chain from potential cyber threats.