abstract:A supply chain attack is a cryptographic attack where a product, typically a device that performs encryption or secure transactions, is tampered with during manufacture or while it is still in the supply chain by persons with physical access. The tampering may, for example, install a rootkit or hardware-based spying components.
It is as true now as it ever was that the weakest part of a chain is where you should attack, and the supply chains in our modern global, hyper-connected economy are highly extended and, for larger international corporations, you can have upwards of 5, 000 to 10, 000 smaller suppliers inputting to your end products and services.