ANALYSIS: TRUE. The Supply Chain is the Perfect Asymmetric Target.

Two factors have brought the otherwise dry subject of supply chain security to the top of the political risk table. One has been the pandemic, in which we have become painfully aware of the fragility of supply chains and the over-dependence of Western countries on external providers, particularly in China. We have also realised how little we actually understand about our supply chains: which companies are in them, who owns them, who controls them and how they can be disrupted.

The other factor has been the SolarWinds attack, almost exactly a year ago. The sophistication of this compromise of the software supply chain, which had probably been active for at least a year before it was discovered, captured headlines around the world. This was partly because SolarWinds Orion was in use by a whole range of government agencies and major companies. More acutely than many other earlier third-party compromises, it illustrated why supply chain companies are such attractive targets: their security is often poor and they represent a softer way into a vast range of customers, including many companies that would in themselves be a hard target. The supply chain is the perfect asymmetric attack.

Read the whole thing.