We spend a lot of time securing our perimeter networks and our internal systems. We fret about public cloud and private data centers. But what if the hacking can be done at a level that we can’t even begin to detect? The supply chain is the grail of undetectable hacking. If you can get integrated into the supply chain of a device, you can own every one of them from now until forever.
Bruce Schneier has some great thoughts on the need to secure the supply chain and what could happen if something really were to slip in and cause issues. As he states here:
> This is an area that needs more research. Today, the advantage goes to the attacker. It’s hard to ensure that the hardware and software you examine is the same as what you get, and it’s too easy to create back doors that slip past inspection. And while we can find and correct some of these supply-chain attacks, we won’t find them all. It’s a needle-in-a-haystack problem, except we don’t know what a needle looks like. We need technologies, possibly based on artificial intelligence, that can inspect systems more thoroughly and faster than humans can do. We need them quickly.
Make sure you check out all his thoughts about the possibility of supply chain hacks.
Read more: Supply-Chain Security and Trust