Accession Number:
AD1147505
Title:
Deliver Uncompromised: Securing Critical Software Supply Chains: Proposal to Establish an End-to-End Framework for Software Supply Chain Integrity
Descriptive Note:
[Technical Report, Study/Analysis]
Corporate Author:
MITRE CORP MCLEAN VA
Personal Author(s):
Report Date:
2021-01-01
Pagination or Media Count:
29
Abstract:
In 2017, the United States (U.S.) Office of the Director of National Intelligence (ODNI) released a short paper depicting the vast threat from software supply chain attacks. A software supply chain attack is defined as the compromise of software code through cyberattacks, insider threats, or other close access activities at any phase of the supply chain to infect an unsuspecting customer. ODNI recognized that hackers are circumventing traditional cyber defenses to compromise software and delivery processes to enable successful, rewarding and stealthy methods to subvert large numbers of computers through a single attack. Cyber experts predicted the use of this attack vector because (1) many software development and distribution channels lack proper cyber and process protections, and (2) other cyberattack paths become less optimal as system owners improve the overall cybersecurity posture of their networks, components and computers. Adversaries can use these generalized attacks to target specific victims to conduct extortion campaigns or exfiltrate, manipulate or destroy data for some targeted, deliberate purpose.
Descriptors:
- computers
- information systems
- intelligence community (united states)
- computer programming
- computer programs
- cybersecurity
- operating systems
- supply chain integrity
- computer access control
- cyberattacks
- network protocols
- systems engineering
- application software
- internet of things
- malware
- software development
- cryptography
- department of homeland security
- failure mode and effect analysis
- homeland security
Subject Categories:
- Computer Programming and Software
- Computer Systems Management and Standards