The Australian Cyber Security Centre has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers.
A key area flagged is foreign control, influence and interference, for which the guide suggests a supplier questionnaire that includes the following questions:
- What access might a foreign government gain in controlling or interfering with the business?
- What access does the business’ products or services have within their customers’ environments?
- Where does the business operate?
- Where is the business headquartered?
- Who has controlling shares in the business?
- What are the nationalities of board members and key employees?
- What ties do board members and key employees have to the government of countries they operate in?
- Is there any evidence of corrupt or criminal activities by board members or key employees?
Other areas flagged include:
- Poor security practice
- Lack of transparency
- Access and privileges