Which of the following best describes the cyberthreat to the bank?

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin .

Which of the following best describes the cyberthreat to the bank?
A . Ability to obtain components during wartime
B . Fragility and other availability attacks
C . Physical Implants and tampering
D . Non-conformance to accepted manufacturing standards

View Answer

Answer: C

Explanation:

The best description of the cyber threat to a central bank implementing strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin, is the risk of physical implants and tampering.

Here’s why:

Supply Chain Security: The supply chain is a critical vector for hardware tampering and physical implants, which can compromise the integrity and security of hardware components before they reach the organization.

Targeted Attacks: Banks and financial institutions are high-value targets, making them susceptible to sophisticated attacks, including those involving physical implants that can be introduced during manufacturing or shipping processes.

Strict Mitigations: Implementing an allow list for specific countries aims to mitigate the risk of supply chain attacks by limiting the sources of hardware. However, the primary concern remains the introduction of malicious components through tampering.

References:

CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl

NIST Special Publication 800-161: Supply Chain Risk Management Practices for Federal

Information Systems and Organizations

ISO/IEC 20243:2018 – Information Technology – Open Trusted Technology Provider Standard