This exposes several possible risks:
- the possibility of interrupted operations
- the interception and collection of information
- the possible tampering with or corruption of information
Because of these risks, enterprises should consider having a Supply Chain Risk Management (SCRM) process. Obviously, enterprises that are responsible for critical infrastructure, financial institutions, medical and media have a higher bar to cross and should consider a broader scope for their SCRM process.
Some basic measures that are considered in any SCRM process include:
- Supplier selection
  - e.g. how they procure subcomponents and assemble these components
- Protection of the supply chain
  - e.g. physical and logical tamper protection
  - e.g. auditing of new hardware to protect against embedded malicious code, eavesdropping potential, traffic redirection, etc.
- Third-party testing of acquired hardware, to list a few
Part 2 will discuss managing and dealing with your supply chain and reducing your organization's exposure to risk.