Supply Chain Attack Framework and Attack Patterns

By John Miller

This paper details a study that addresses supply chain attacks relevant to Department of Defense acquisition program planning. MITRE compiled sets of data sources previously unavailable and generated a list of attack patterns related to supply chain risk.


During FY13, MITRE conducted an effort on behalf of the Office of the Assistant Secretary of Defense for Systems Engineering to address supply chain attacks relevant to Department of Defense acquisition program protection planning. The objectives of this work were twofold.

First, we pulled together a comprehensive set of data sources to provide a holistic view of supply chain attacks of malicious insertion that, to date, has not been available.

Second, we generated a catalog of attack patterns that provides a structure for maturing the supply chain risk management aspects of system security engineering, together with potential application approaches for assessing malicious insertion in critical components of DoD systems being acquired or sustained.