The Australian Cyber Security Center has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers.

A key area flagged is foreign control, influence and interference and suggests a questionnaire for the suppliers which includes the following questions:

  • What access might a foreign government gain in controlling or interfering with the business?
  • What access does the business’ products or services have within their customers’ environments?
  • Where does the business operate?
  • Where is the business headquartered?
  • Who has controlling shares in the business?
  • What are the nationalities of board members and key employees?
  • What ties do board members and key employees have to the government of countries they operate in?
  • Is there any evidence of corrupt or criminal activities by board members or key employees?

Other areas flagged include:

  •  Poor security practice
  •  Lack of transparency
  • Access and privileges

Read the full text of the Australian Cyber Security Center guide.