In a growing interdependent cybersecurity market place, it is nearly impossible to develop every part or component in house. Traditional supply chain risk management only deals with a supplier’s ability to deliver a product on time and within budget, and separately cyber focuses on the trustworthiness of the product that was delivered. However, electronics are nearly entirely manufactured offshore and concerns have risen about their trust worthiness, given that may contain potentially malicious functionality. To complicate matters further, vendors themselves are procuring products, such as test systems or subtractive or additive manufacturing, and both end users and vendors now need to be concerned that the products they are using and producing are affected by Cyber Supply Chain Risk Management (C-SCRM).
- An overview of recent cyber supply chain attacks.
- Observations from the industry on NISTIR 8276 key practices in C-SCRM.
- An overview of NIST SP 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
- Understanding how does this impacts IT/OT.