[1]Supply-Chain Attacks: Why the U.S. Should Worry:

     There are different types of supply-chain attacks: generic attacks,
     which attempt to sabotage all devices; and targeted attacks, which
     take advantage of knowing the end customer for a device.
     Additionally, supply-chain attacks on the software component can
     take place not only when a device is shipped but also whenever the
     software receives an update. There are also information-gathering
     supply-chain attacks in which a cloud service provider reveals data.

     …

     The U.S. government needs to take supply-chain attacks much more
     seriously and refine government purchasing in ways that resist these
     attacks. Some attacks-such as bulk sabotage of consumer chips or
     devices-are probably unavoidable. But wide-ranging attacks like
     these can cause only limited amounts of damage, because, unless they
     are particularly subtle, they are more likely to be detected.

   (Via [2]Lawfare - Hard National Security Choices)

   Why supply chain isn't a bigger discussion when discussing security
   boggles my mind. Every company and organization - and individual - is
   vulnerable.
   Also on:

   [3]Twitter
     __________________________________________________________________

   My original entry is here: [4]Supply-Chain Attacks: Why the U.S. Should
   Worry. It posted Wed, 27 Jun 2018 10:28:48 +0000.
   Filed under: business,

References

   1. https://www.lawfareblog.com/supply-chain-attacks-why-us-should-worry
   2. https://www.lawfareblog.com/recent
   3. https://twitter.com/TokyoGringo/status/1011920774196801542
   4. https://www.prjorgensen.com/?p=1236