This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.

Countless organizations have devoted considerable amounts of resources and time building cybersecurity defenses in the last decade. However, efforts to build secure supply chain networks have only begun in recent years. Indeed, it was not until the April 2021 compromise of SolarWinds software that led to a swath of intrusions across government entities and various industries that attacks on supply chain networks became a common concern within the C-Suite. The heightened threat to distribution networks compelled attorneys, among other professionals, to rethink how best to protect existing infrastructure and allocate risks. This article details the anatomy of a supply chain cyberattack, explores the existing state of supply chain protective contractual terms, and proposes actionable steps with a collective approach to guide legal professionals through their precarious endeavors.

Anatomy of a Supply Chain Cyberattack