There is an outright conflict between cybersecurity and supply chain risk management (SCRM), and simply adding those together can lead to an increase in cyberattacks, a new report finds.
Researchers found that cybersecurity and supply chain risk management are in many instances at odds with each other. There are trade-offs, and understanding what those trade-offs look like will allow the Defense Department to better secure its defense industrial products supply, according to the authors of the new RAND Corp. report.
Against the backdrop of high-profile cyber attacks on the supply chains, the Air Force Research Laboratory asked the federally-funded think tank to help them understand how cyber risks compare to other risks in the defense-industrial supply chains and provide recommendations on how to have a comprehensive approach when addressing their needs together.
“In conventional SCRM…you would think, ‘Alright, I’m going to make my supply chain less risky by adding more potential suppliers, bringing more businesses and expanding my rolodex,’” Victoria Greenfield, a…
