A Proposed Framework for Mitigating Software Supply Chain Attacks in Defense Organizations

Authors

  • MOHAMAD NUR HIDAYAT ZARKIA @ ZAKARIA Mr.
  • GANTHAN NARAYANA SAMY
  • ABDUL GHAFAR JAAFAR
  • MAHISWARAN SELVANANTHAN
  • NURAZEAN MAAROP
  • SUNDRESAN PERUMAL

DOI:

https://doi.org/10.11113/oiji2025.13n2.346

Abstract

A software supply chain attack is a cyber-attack that targets the supply chain in order to damage the security of the software and of the target environment. This research addresses the critical issue of software supply chain attacks, which exploit vulnerabilities in third-party vendors, leading to third-party compromise and to software dependencies that pose significant risks to national security, operational capabilities, and organizational trust in Defense organizations. The key importance of this research lies in proposing a framework to mitigate software supply chain attacks for the Defense organization, a high-value entity in the defense sector. The research employs a literature review, followed by a qualitative methodology based on semi-structured interviews and thematic analysis. Data collection will involve engaging participants from academia, industry, and military personnel in cybersecurity domains. The security framework is constructed by integrating insights from military-specific policies, global frameworks, and legal aspects in a few countries, followed by participant opinion and expert validation to ensure its comprehensiveness and relevance. The expected findings include identifying the key components and vulnerabilities that influence software supply chain attacks, proposing a tailored framework for the Defense organization, and evaluating the proposed framework. The originality of this research lies in its focus on the Defense organization, adapting and integrating elements from global frameworks and military-specific policies to address the unique challenges of a defense context. The practical significance of this research extends to scholars, industry professionals, and Defense organizations. The proposed framework will serve as a strategic tool for the Defense organization to enhance cybersecurity resilience, streamline decision-making processes, and foster trust in third-party engagements.

Published

2025-12-26

How to Cite

ZARKIA @ ZAKARIA, M. N. H., Narayana Samy, G., Jaafar, A. G., Selvananthan, M., Maarop, N., & Perumal, S. (2025). A Proposed Framework for Mitigating Software Supply Chain Attacks in Defense Organizations. Open International Journal of Informatics, 13(2), 84–96. https://doi.org/10.11113/oiji2025.13n2.346