Threat Category: Supply Chain
ID: SPC-2
Threat Description: Adversarial supply chain distribution channel personnel (e.g., packaging, shipping, receiving, or transfer) can intercept and replace legitimate critical hardware components with malicious ones.1
Threat Origin
Supply Chain Attack Framework and Attack Patterns 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Perform background checks on supply chain personnel as appropriate to the level of sensitivity of the component being distributed to detect placement or the potential for or actual manipulation by an adversary
References