Supply Chain Attacks and Resiliency Mitigations: Guidance for System Security Engineers
Abstract
Cyber Resiliency Engineering can be applied to systems, missions, business functions, organizations or a cross-organizational mission. In this paper, cyber resiliency is applied to the problem of mitigating supply chain attacks. The adversary's goals for attacking a supply chain are described using the cyber-attack lifecycle framework and the Department of Defense (DoD) Acquisition lifecycle. Resiliency techniques are recommended considering adversary goals and best options to defend against the attacks. The analysis in this document found that the most effective point to apply cyber resiliency mitigations is the Production and Deployment phase because this reduces the number of attacks overall. The best place to gain information about adversary targets and activities are both the Engineering and Manufacturing Development phase and the Production and Deployment phase. An example of how to apply these resiliency techniques is provided based on the Commercial Solutions for Classified capability package for a Wireless Local Area Network (WLAN).
Document Details
- Document Type
- Technical Report
- Publication Date
- Oct 19, 2017
- Accession Number
- AD1108057
Entities
People
- Ellen R. Laderman
- Gloria J. Serrao
- William J. Heinbockel
Organizations
- MITRE Corporation