1 Fundamentals
This chapter covers
- Learning what supply chain is and isn’t
- Understanding the impacts of supply chain incidents
- Comprehending the primary goals and challenges of supply chain security
- Developing the high-level concepts needed to help achieve the goals of supply chain security
A QA-only version of an application is deployed. A build system is hijacked to include bad code. Rogue open-source developers have written malicious code. Servers with unknown hardware installed on them are racked in a data center. These are examples of real supply chain vulnerabilities and attacks.
These attacks and vulnerabilities don’t just affect a single system; they affect multiple systems, and in some cases they can affect the entire Information Technology (IT) environment of an organization. They are also becoming increasingly frequent.
In 2021 there were over 12,000 supply chain security attacks recorded, which was a 650% increase from the previous year.[1] Over half of the organizations in a 2022 survey had been impacted by supply chain attacks.[2]