Cybersecurity and Supply Chain Risk Management Are Not Simply Additive Implications for Directions in Risk Assessment, Risk Mitigation, and Research to Secure the Supply of Defense Industrial Products / Victoria A. Greenfield, Jonathan W. Welburn, Karen Schwindt, Daniel Ish, Andrew J. Lohn, Gavin S. Hartnett.

Format:

Book

Author/Creator:

Greenfield, Victoria A., 1964-

Contributor:

Welburn, Jonathan William

Schwindt, Karen

Ish, Daniel

Lohn, Andrew J.

Hartnett, Gavin S.

Project Air Force (U.S.)

Rand Corporation.

United States. Department of the Air Force.

Series:

Research report (Rand Corporation) ; A532-1.

Report ; A532-1

Language:

English

Subjects (All):

United States. Air Force--Procurement.

United States.

United States. Air Force--Supplies and stores.

Computer security--Risk management.

Computer security.

Business logistics--Risk management.

Business logistics.

United States--Armed Forces--Procurement.

United States--Armed Forces--Supplies and stores.

Cybersecurity.

Game Theory.

Military Acquisition and Procurement.

Military Information Technology Systems.

Network Analysis.

Supply Chain Management.

Terrorism Risk Insurance.

Terrorism Risk Management.

Terrorism Threat Assessment.

Local Subjects:

Cybersecurity.

Game Theory.

Military Acquisition and Procurement.

Military Information Technology Systems.

Network Analysis.

Supply Chain Management.

Terrorism Risk Insurance.

Terrorism Risk Management.

Terrorism Threat Assessment.

Physical Description:

ix, 101 pages : illustrations ; 28 cm

Place of Publication:

Santa Monica, CA : RAND, 2023

Summary:

The Air Force Research Laboratory (AFRL) asked RAND Project AIR FORCE (PAF) for assistance understanding how cyber-related risks compare with other risks to its defense-industrial supply chains--a scope that included supply chains for hardware, not supply chains for software--and exploring implications for directions in risk assessment and mitigation and for research. AFRL was interested in how attackers might use supply chains to wage attacks, such as through malicious code, and how supply chains might, themselves, be targets of attack, such as through disruption. To conduct the analysis, PAF drew insights from the literatures on cybersecurity, supply chain risk management (SCRM), game theory, and network analysis and worked with sets of stylized supply chains and fundamental principles of risk management. The report uses the phrase cyber SCRM broadly to refer to the cybersecurity of supply chains, including attacks through supply chains to reach a target and attacks on supply chains in which the target of the attack is the supply chain itself.

Contents:

Chapter One: Introduction

Chapter Two: Lines of Effort

Chapter Three: The Particular Challenges of Cyber SCRM

Chapter Four: The Implications of Intentionality for Cyber SCRM

Chapter Five: Interactions Between Cyber-Related Risks and Supply Chains

Chapter Six: Conclusions

Appendix A: Definitions

Appendix B: Opportunities for Research on Cyber SCRM

Appendix C: Game-Theoretic Foundations

Appendix D: Insights from Network Analysis

Appendix E: Risk Management Methods.

Notes:

Title from PDF document (title page; viewed December 18, 2023)

"RAND PROJECT AIR FORCE"

"Prepared for the Department of the Air Force"

Includes bibliographical references (pages 92-101)

Description from electronic resource

ISBN:

1977412734

9781977412737

OCLC:

1415955340