We spend a lot of time securing our perimeter networks and our internal systems. We fret about public cloud and private data centers. But what if the hacking can be done at a level that we can’t even begin to detect? The supply chain is the grail of undetectable hacking. If you can get integrated into the supply chain of a device, you can own every one of them from now until forever.
Bruce Schneier has some great thoughts on the need to secure the supply chain and what could happen if something really were to slip in and cause issues. As he states here:
This is an area that needs more research. Today, the advantage goes to the attacker. It’s hard to ensure that the hardware and software you examine is the same as what you get, and it’s too easy to create back doors that slip past inspection. And while we can find and correct some of these supply-chain attacks, we won’t find them all. It’s a needle-in-a-haystack problem, except we don’t know what a needle looks like. We need technologies, possibly based on artificial intelligence, that can inspect systems more thoroughly and faster than humans can do. We need them quickly.
Make sure you check out all his thoughts about the possibility of supply chain hacks.
Read more: Supply-Chain Security and Trust