write a research-based report on Cyber and IT supply chain risks which the client company, Sifers-Grayson must be aware of. This report will be presented
The post Supply Chain Risk Analysis first appeared on COMPLIANT PAPERS.
write a research-based report on Cyber and IT supply chain risks which the client company, Sifers-Grayson must be aware of. This report will be presented to the company’s executive leadership to help them understand the overall problem of Cyber and IT supply chain risk. This problem has been raised to the attention of the company’s executive leadership by two influential customers — the US Department of Defense and US Department of Homeland Security. These two customers have raised concerns about the company’s preparedness to address and mitigate cybersecurity risks which could result from supply chain attacks. In their letter to Sifers-Grayson, these customers asked the company “what are you doing to prevent supply chain attacks?”
Background
Nofsinger consultants met with the government officials and learned that they were concerned about managing the risks from attacks such as the 2020 Solar Winds attacks and longstanding trojans/backdoor attacks in network hardware (e.g. Huawei routers) and computer system components. The Solar Winds attack compromised the software update mechanisms for a widely used set of network management tools (Korolov, 2021). Supply chain attacks which compromise hardware components purchased from non US sources are also of concern.
Nofsinger consultants also analyzed the internal business processes involved in the engineering supply chain for client Sifers-Grayson. They have learned that, when a Sifers-Grayson engineer needs parts to build a robot or drone, the engineer will place an internal order from the company’s parts stockroom. If the stockroom does not have the part immediately available, an employee will place an order with an approved vendor. These vendors are equipment resellers who purchase components from a number of manufacturers and suppliers. The company also makes purchases of components for some systems via e-Commerce websites and has encountered supply chain issues as a result of using these systems to purchase common components such as CPU chips, memory chips, programmable control chips, power supplies, graphics cards, network interface cards, and mass storage devices. Some may be brand-name components while other, less expensive products, are made by companies who are less well known. They also learned that Sifers-Grayson does not have a controlled process for testing software updates prior to the updates being installed on computer systems in the company’s R&D labs.
Finally, the consultants learned through interviews that, at times, there are supply chain shortages which may result in a reseller substituting generic products for brand name products. The consultants informed Sifers-Grayson that such substitutions can increase risks associated with purchasing products from third parties whose reputations are unknown or less well established. The company responded that it has a quality assurance process which checks purchased parts for physical damage or lack of functionality. The consultants believe that this process can be improved to reduce the likelihood of an undetected supply chain attack (e.g. malware loaded onto a USB or SSID mass storage device, programmable control chip, etc.).
Your Task
Your task is to build upon the business analysis previously conducted by the Nofsinger consultants (see overview section in this file). You must research the problems of hardware and software supply chain attacks and then write a research-based report for Sifers-Grayson executives which will provide them with information they can use to evaluate proposed solutions for addressing the identified supply chain risks. Use the authoritative sources provided below (under “Research”) to start your investigation into the issues. Then, follow the required outline (See “Write” in this file) to organize and write your report. You must paraphrase information from your authoritative
The post Supply Chain Risk Analysis first appeared on COMPLIANT PAPERS.
