Section 10.91 Supply Chain Attacks Flashcards
Objectives 2.2 Explain common threat vectors and attack surfaces. Objectives 2.3 Explain various types of vulnerabilities. Objectives 5.3 Explain the processes associated with third-party risk assessment and management.
Supply Chain Attacks
An attack that targets a weaker link in the supply chain to gain access to a primary target
Exploit vulnerabilities in suppliers or service providers to access more secure systems
CHIPS Act of 2022
U.S. federal statute providing funding to boost semiconductor research and manufacturing in the U.S.
■ Aims to reduce reliance on foreign-made semiconductors, strengthen the domestic supply chain, and enhance security
■ Semiconductors: Essential components in a wide range of products, from smartphones and cars to medical devices and defense systems
This act was intended to strengthen the semiconductor supply chain and make it more resilient
4 main things
Safeguarding Against Supply Chain Attacks
- Vendor Due Diligence: Rigorous evaluation of vendor cybersecurity and supply chain practices
- Regular Monitoring & Audits: Continuous monitoring and periodic audits of supply chains to detect suspicious activities
- Education and Collaboration:
● Sharing threat information and best practices within the industry
● Collaborating with organisations and industry groups for joint defense
- Incorporating Contractual Safeguards:
● Embedding cybersecurity clauses in contracts with suppliers or service providers
● Ensuring adherence to security standards with legal repercussions for non-compliance