Supply Chain Attack Framework and Attack Patterns.

摘要

During FY13, MITRE conducted an effort on behalf of the Office of the Assistant Secretary of Defense for Systems Engineering (DASD SE) to address supply chain attacks relevant to Department of Defense (DoD) acquisition program protection planning. The objectives of this work were to: * Pull together a comprehensive set of data sources to provide a holistic view of supply chain attacks of malicious insertion that, to date, has not been available. * Generate a catalog of attack patterns that provides a structure for maturing the supply chain risk management (SCRM) aspects of system security engineering (SSE), together with potential application approaches for assessing malicious insertion in critical components of DoD systems being acquired or sustained.