This report presents an examination of how cyber-related risks compare with other risks to defense-industrial supply chains, including how attackers might use supply chains to wage attacks, such as through malicious code, and how supply chains might, themselves, be targets of attack, such as through disruption. It also explores the implications of the differences in risks for directions in risk assessment and mitigation and for research.