Identify supply chains

Supply chains include the people, processes, and technologies used to move a product or service from a supplier to a consumer. Understanding supply chains may provide an adversary with opportunities to exploit the technology or interconnections that are part of the supply chain. [1] [2] [3]

ID: T1246
Sub-techniques:  No sub-techniques
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic Technique
Organizational Information Gathering Identify supply chains
People Information Gathering Identify supply chains

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Difficult, if not impossible to detect, because the adversary may collect this information from external sources that cannot be monitored by a defender.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Supply chain diversity of sourcing increases adversary difficulty with accurate mapping. Industry practice has moved towards agile sourcing.

References

  1. Drew Smith. (2015). Is your supply chain safe from cyberattacks?. Retrieved March 5, 2017.
  2. CERT-UK. (2016, October 01). Cyber-security risks in the supply chain. Retrieved March 5, 2017.
  1. RSA Research. (2017, February). KINGSLAYER – A SUPPLY CHAIN ATTACK. Retrieved May 9, 2017.