Identify supply chains

Supply chains include the people, processes, and technologies used to move a product or service from a supplier to a consumer. Understanding supply chains may provide an adversary with opportunities to exploit the technology or interconnections that are part of the supply chain. [1] [2] [3]

ID: T1246

Tactic: Technical Information Gathering

Version: 1.0

Similar Techniques by Tactic

TacticTechnique
Organizational Information GatheringIdentify supply chains
People Information GatheringIdentify supply chains

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Difficult, if not impossible to detect, because the adversary may collect this information from external sources that cannot be monitored by a defender.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Supply chain diversity of sourcing increases adversary difficulty with accurate mapping. Industry practice has moved towards agile sourcing.

References

  1. Drew Smith. (2015). Is your supply chain safe from cyberattacks?. Retrieved March 5, 2017.
  2. CERT-UK. (2016, October 01). Cyber-security risks in the supply chain. Retrieved March 5, 2017.
  1. RSA Research. (2017, February). KINGSLAYER – A SUPPLY CHAIN ATTACK. Retrieved May 9, 2017.