Over the past decade, cyber-enabled supply chain attacks have emerged as a key feature of hybrid warfare. The rapid weaponization of the supply chain has changed the nature of those attacks, morphing the intended outcome from intelligence and intellectual property collection to destabilization. As access to cyber capabilities continues to flatten the adversarial landscape, the risk of cyber-enabled supply chain attacks will increase. They will destabilize nation-states through the erosion of trust and general chaos, hunting a combination of digital and physical targets. Moreover, attacks serve to distract while other activity is pursued. To stand against it, the government, critical infrastructure community, and private sector must rethink how partnerships are managed. Trust must be continuously proven and never absolute, and efforts to improve supply chain risk management practices must be expanded.
An ideal tool of hybrid warfare
Starting with Stuxnet in 2010, and manifesting most recently in the SolarWinds incident late last year, the explosion of cyber-enabled supply chain attacks is evidence that an era of…
