Supply-Chain Attacks: Why the U.S. Should Worry:

There are different types of supply-chain attacks: generic attacks, which attempt to sabotage all devices; and targeted attacks, which take advantage of knowing the end customer for a device. Additionally, supply-chain attacks on the software component can take place not only when a device is shipped but also whenever the software receives an update. There are also information-gathering supply-chain attacks in which a cloud service provider reveals data.

The U.S. government needs to take supply-chain attacks much more seriously and refine government purchasing in ways that resist these attacks. Some attacks—such as bulk sabotage of consumer chips or devices—are probably unavoidable. But wide-ranging attacks like these can cause only limited amounts of damage, because, unless they are particularly subtle, they are more likely to be detected.

(Via Lawfare – Hard National Security Choices)

Why supply chain isn’t a bigger discussion when discussing security boggles my mind. Every company and organization – and individual – is vulnerable.
