1-11

Question 1

Who are the 4 participants in the supply chain?

Answer 1

Suppliers, Distributors, Manufacturers, and Retailers

Question 2

How are supply chains infiltrated?

Answer 2

Software: compromise development, malicious code injection, update tampering. Hardware: Tampering with manufacturing, inserting malicious components, counterfeits.

Question 3

What are some ways to mitigate Supply Chain Risks?

Answer 3

Diversify suppliers, develop contingency plans, collaborate with key stakeholders across the supply chain

Question 4

What is SCRM?

Answer 4

Supply chain risk management - implementation of strategies to manage uncertainty, identify vulnerabilities, mitigate risks, and ensure continuity.

Question 5

What are some SCRM endevours?

Answer 5

• Strategic alignment with enterprise risk management program.
  
  • Supply chain due diligence. Investigating as many layers in supply chain as much as possible
  • Dual or multi sourcing whenever possible.
  • Supply chain security mechanisms.
    Contracts and agreements.

Question 6

What is a Silicon Root of Trust?

Answer 6

Cryptographic hardware security module. Device integrity, secure boot, attestation, authentication, and lifecycle security

Question 7

What is a PUF?

Answer 7

Physically Unclonable Function - Unique and hard to replicate hardware identifier

Question 8

What is an SBOM?

Answer 8

Software Bill of Materials: Very detailed list of components, libraries, cryptographic signatures, and metadata used in software development of a software application.