The assessment of reliability of industrial automation hardware and software suppliers is commonplace. The September 2024 attacks on pagers and walkie-talkies in the Middle East, however, cast a shadow over the devices of reliable suppliers, also. The possibility of someone in the supply chain hiding harmful components or software in automation devices and systems requires thorough consideration. The EU cybersecurity directive (NIS2) and similar regulations also put demands for industrial entities to manage their supply chain risks.