Other Risk Factors have matching hardware/software pairs, but the "threat actor" risk only had a hardware section.
