Identify supply chains
Supply chains include the people, processes, and technologies used to move a product or service from a supplier to a consumer. Understanding supply chains may provide an adversary with opportunities to exploit the people, their positions, and relationships, that are part of the supply chain.  
Similar Techniques by Tactic
|Technical Information Gathering||Identify supply chains|
|Organizational Information Gathering||Identify supply chains|
DetectionDetectable by Common Defenses (Yes/No/Partial): No
Explanation: Searching publicly available sources that cannot be monitored by a defender.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): No
Explanation: Requires an intensive process to obtain the full picture. It is possible to obtain basic information/some aspects via OSINT. May be easier in certain industries where there are a limited number of suppliers (e.g., SCADA).
- Drew Smith. (2015). Is your supply chain safe from cyberattacks?. Retrieved March 5, 2017.
- CERT-UK. (2016, October 01). Cyber-security risks in the supply chain. Retrieved March 5, 2017.