Guiding Supply Chain Security in Aeronautic Development
redundant flight systems on the Space Shuttle to fail.[7] Mandiant released a report breaking down an attack that targeted a software supply chain, with in-depth analysis of how a threat actor executed a supply chain compromise by using a prior network/system compromise, moving laterally into the company's legitimate software development environments, and thus eventually affecting unaware consumers.[8] Without a framework to evaluate companies and their products, the industry will continue to lack critical information and resiliency within the supply chain.
System of Trust™ identifies the standard frameset for supply chain security risk. Industry and government partners all have the responsibility to implement or audit their supply chains. No single locus within this interconnected web can fully address supply chain security alone.
2 SIMILARITIES WITH SUPPLY CHAIN SECURITY (SCS) ISSUES IN OTHER DOMAINS
Every type of supply chain has suppliers, items of supply and services, and involves the assembly and movement of the item being passed along to either a consumer/user or another supply chain link. Most supply chains also include a disposal phase, which may include the reuse or recycling of an item no longer needed, as shown in Figure 2-1. If the refurbished or recycled component is used in a same-grade application (as opposed to a lower-grade application, which may also not be in aerospace or aviation), then the visibility and security of the refurbishing or recycling process must also be part of the supply chain security.
Figure 2-1: Supply chain flow example.
One reason supply chains are a focus of attention is the capacity to ship or move goods cheaply across the United States or the world, as shown in Figure 2-2. This means that most supply chains can include items and actors from anywhere.
[7] https://web.archive.org/web/20200115234428/https://apps.dtic.mil/dtic/tr/fulltext/u2/679158.pdf
[8] https://cloud.google.com/blog/topics/threat-intelligence/3cx-software-supply-chain-compromise/
August 2024