Supply Chain Risk is not the same as Supply Chain Cybersecurity. When looking at studies of military and commercial Supply Chain risk, Cybersecurity is not the leading concern. There is much more to Supply Chain Risk than Cybersecurity (see article here). A Supply Chain, especially with our aging systems, has a higher risk in dealing with Diminishing Manufacturing Sources and Material Shortages (DMSMS). Data integrity, in the form of incorrect data populating our information systems, is a concern. The data integrity risk is not from a hacker changing component data, but from authorized personnel incorrectly entering data. We make mistakes.
Our Supply Chain also faces risk from weather events, counterfeit parts and labor issues. These typically convert from a risk to an issue with little warning. Combine this with our leaning of Supply Chains, and now you can face a significant challenge. Therefore mitigation planning must be in place to control, avoid, assume or transfer the risk. This mitigation planning must be focused on what is most likely and has the greatest consequence.
Analyze your Supply Chain. Understand the greatest risks. Build your mitigation plans for those risks. Don't blindly assume Cybersecurity is the same as Supply Chain risk.