Biblio

Filters: Keyword is cyber threats
2021-10-26
Kay Mereish, Andrew Alvarado-Seig, Hubert Bowditch, Jenifer Clark, Michelle Danks, George Guttman, Andrew K., Monique Mansoura, Nathan L., Kay M. et al.  2018.  Threats to Pharmaceutical Supply Chains. :1-18.

In the digital age, drug makers have never been more exposed to cyber threats, from a wide range of actors pursuing very different motivations. These threats can have unpredictable consequences for the reliability and integrity of the pharmaceutical supply chain. Cyber threats do not have to target drug makers directly; a recent wargame by the Atlantic Council highlighted how malware affecting one entity can degrade equipment and systems functions using the same software. The NotPetya ransomware campaign in mid-2017 was not specifically interested in affecting the pharmaceutical industry, but nevertheless disrupted Merck’s HPV vaccine production line. Merck lost 310 million dollars in revenue in the subsequent quarter, as a result of lost productivity and a halt in production for almost a week.

[Anonymous].  2019.  NCSC SCRM Best Practices.

Supply chain exploitation, especially when executed in concert with cyber intrusions, malicious insiders, and economic espionage, threatens the integrity of key U.S. economic, critical infrastructure, and research/development sectors.

[Anonymous].  2021.  Manufacturing and Production Sector.

The manufacturing and production industry must address physical, human, and cyber threats in order to secure its supply chains. Physical threats include climate change/natural disasters that may reduce the supply of raw materials and disrupt production of final products. Facility flaws – “guards and gates” – also present a physical threat that may allow penetration points at manufacturing sites. Malicious human actions (e.g., crime, sabotage, and terrorism) and non-malicious human actions (e.g., accidents and negligence) also threaten “just in time” manufacturing schedules. Finally, cyber threats, including ransomware attacks and software supply chain exploits, are a means by which threat actors may compromise industrial control systems as well as corporate networks and information systems, bringing production to a standstill.

2021-10-22
[Anonymous].  2021.  Defending Against Software Supply Chain Attacks. Cybersecurity and Infrastructure Security Agency. :1-16.

A software supply chain attack occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software then compromises the customer’s data or system. Newly acquired software may be compromised from the outset, or a compromise may occur through other means like a patch or hotfix. In these cases, the compromise still occurs prior to the patch or hotfix entering the customer’s network. These types of attacks affect all users of the compromised software and can have widespread consequences for government, critical infrastructure, and private sector software customers. This document provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the National Institute of Standards and Technology (NIST) Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate risks.