TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Identify supply chains
Identify supply chains
Supply chains include the people, processes, and technologies used to move a product or service from a supplier to a consumer. Understanding supply chains may provide an adversary with opportunities to exploit the technology or interconnections that are part of the supply chain. [1] [2] [3]
ID: T1246
Sub-techniques:
No sub-techniques
Tactic:
Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Similar Techniques by Tactic
Tactic | Technique |
---|---|
Organizational Information Gathering | Identify supply chains |
People Information Gathering | Identify supply chains |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Difficult, if not impossible to detect, because the adversary may collect this information from external sources that cannot be monitored by a defender.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: Supply chain diversity of sourcing increases adversary difficulty with accurate mapping. Industry practice has moved towards agile sourcing.
References
- Drew Smith. (2015). Is your supply chain safe from cyberattacks?. Retrieved March 5, 2017.
- CERT-UK. (2016, October 01). Cyber-security risks in the supply chain. Retrieved March 5, 2017.
- RSA Research. (2017, February). KINGSLAYER – A SUPPLY CHAIN ATTACK. Retrieved May 9, 2017.
×