According to the GAO-18-667T, reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system’s development life cycle and could create an unacceptable risk to federal agencies.
Malicious actors could exploit supply chain vulnerabilities, leading to the loss of the confidentiality, integrity, or availability of federal systems and the information they contain.
When attacking the supply chain, it is typically the hardware (but not limited to) especially when some hardware components include built in firmware that is tampered with. Devices can be compromised at any point throughout the supply chain and Rogue Devices can be delivered by a supplier to the end user.
Learn more about supply chain vulnerabilities in the white paper below.