The best description of the cyber threat to a central bank implementing strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin, is the risk of physical implants and tampering. Here’s why:
Supply Chain Security: The supply chain is a critical vector for hardware tampering and physical implants, which can compromise the integrity and security of hardware components before they reach the organization.
Targeted Attacks: Banks and financial institutions are high-value targets, making them susceptible to sophisticated attacks, including those involving physical implants that can be introduced during manufacturing or shipping processes.
Strict Mitigations: Implementing an allow list for specific countries aims to mitigate the risk of supply chain attacks by limiting the sources of hardware. However, the primary concern remains the introduction of malicious components through tampering.
[References:, CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl, NIST Special Publication 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations, ISO/IEC 20243:2018 - Information Technology - Open Trusted Technology Provider Standard, , , , , , ]
Submit