Supply Chain Attacks and Resiliency Mitigations

Cyber Resiliency Engineering can be applied to systems, missions, business functions, organizations or a cross-organizational mission. In this paper, cyber resiliency is applied to the problem of mitigating supply chain attacks. The adversary’s goals for attacking a supply chain are described using the cyber-attack lifecycle framework and the Department of Defense (DoD) Acquisition lifecycle. Resiliency techniques are recommended considering adversary goals and best options to defend against the attacks. The analysis in this document found that the most effective point to apply cyber resiliency mitigations is the Production and Deployment phase because this reduces the number of attacks overall. The best place to gain information about adversary targets and activities are both the Engineering and Manufacturing Development phase and the Production and Deployment phase. An example of how to apply these resiliency techniques is provided based on the Commercial Solutions for Classified capability package for a Wireless Local Area Network (WLAN).