We spend a lot of time securing our perimeter networks and our internal systems. We fret about public cloud and private data centers. But what if the hacking can be done at a level that we can’t even begin to detect? The supply chain is the grail of undetectable hacking. If you can get integrated into the supply chain of a device, you can own every one of those devices from now until forever.
Bruce Schneier has some great thoughts on the need to secure the supply chain and what could happen if something really were to slip in and cause issues. As he states here:
This is an area that needs more research. Today, the advantage goes to the attacker. It’s hard to ensure that the hardware and software you examine is the same as what you get, and it’s too easy to create back doors that slip past inspection. And while we can find and correct some of these supply-chain attacks, we won’t find them all. It’s a needle-in-a-haystack problem, except we don’t know what a needle looks like. We need technologies, possibly based on artificial intelligence, that can inspect systems more thoroughly and faster than humans can do. We need them quickly.
Make sure you check out all his thoughts about the possibility of supply chain hacks.
Read more: Supply-Chain Security and Trust