Identify supply chains
Supply chains include the people, processes, and technologies used to move a product or service from a supplier to a consumer. Understanding supply chains may provide an adversary with opportunities to exploit the technology or interconnections that are part of the supply chain.   
Similar Techniques by Tactic
|Organizational Information Gathering||Identify supply chains|
|People Information Gathering||Identify supply chains|
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Difficult, if not impossible to detect, because the adversary may collect this information from external sources that cannot be monitored by a defender.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: Supply chain diversity of sourcing increases adversary difficulty with accurate mapping. Industry practice has moved towards agile sourcing.
- Drew Smith. (2015). Is your supply chain safe from cyberattacks?. Retrieved March 5, 2017.
- CERT-UK. (2016, October 01). Cyber-security risks in the supply chain. Retrieved March 5, 2017.
- RSA Research. (2017, February). KINGSLAYER – A SUPPLY CHAIN ATTACK. Retrieved May 9, 2017.