Abstract
Supply Chain Risk Management (SCRM) involves managing the risks that exist throughout the process of delivering products from producers to end customers, ensuring that the products meet the end customers' requirements safely. In the software industry, attacks on the supply chain do not require physical access during product delivery. As a result, attacks on the software supply chain can be carried out more easily than in other industries, and their impact can spread rapidly. To manage the risks present in the software supply chain, various organizations such as NIST operate SCRM frameworks. For the military, however, these common SCRM frameworks are not suitable due to the nature of military environments. This study analyzes existing frameworks and research on SCRM and proposes a novel framework for the military domain. Additionally, a case study is conducted, and feedback is gathered from employees working in cyber risk management positions within the military and from defense industry professionals to assess the appropriateness and practical applicability of the proposed framework.
| Original language | English |
|---|---|
| Pages (from-to) | 96813-96833 |
| Number of pages | 21 |
| Journal | IEEE Access |
| Volume | 13 |
| DOIs | |
| Publication status | Published - 2025 |
Bibliographical note
Publisher Copyright: © 2013 IEEE.
Keywords
- SCRM
- Supply chain risk management
- cybersecurity
- military
- open source
ASJC Scopus subject areas
- General Computer Science
- General Materials Science
- General Engineering