Cybersecurity and Supply Chain Risk Management Are Not Simply Additive Research Summary

Abstract

Our analysis in this report and such events as a 2017 cyberattack that impaired commercial distribution globally and the 2020 SolarWinds breach lend credence to the view that costly cyberattacks have become an eventuality for many organizations. Against that backdrop, the Air Force Research Laboratory (AFRL) asked RAND Project AIR FORCE (PAF) for assistance understanding how cyber-related risks compare with other risks to its defense industrial supply chainsa scope that included supply chains for hardware, not supply chains for software and exploring implications for directions in risk assessment and mitigation and for research. AFRL was interested in how attackers might use supply chains to wage attacks, such as through malicious code, and how supply chains might, themselves, be targets of attack, such as through disruption.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2020
Accession Number
AD1217098

Entities

People

  • Andrew J. Lohn
  • Daniel Ish
  • Gavin S. Hartnett
  • Jonathan W. Welburn
  • Karen Schwindt
  • Victoria A. Greenfield

Organizations

  • RAND Corporation

Tags

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Business Administration
  • Combat Readiness
  • Cyberattacks
  • Cybersecurity
  • Game Theory
  • Information Security
  • National Security
  • Risk
  • Risk Analysis
  • Risk Management
  • Risk Reduction
  • Security
  • Space Force
  • Supply Chain
  • United States

Readers

  • Aerospace logistics and air mobility.
  • Cybersecurity.
  • Systems Analysis and Design

Technology Areas

  • Cyber