Information Security News mailing list archives
Supply Chain Uncertainties Make Security Difficult
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 24 Jan 2013 02:14:36 -0600 (CST)
http://www.darkreading.com/advanced-threats/167901091/security/security-management/240146871/supply-chain-uncertainties-make-security-difficult.html.html By Robert Lemos Contributing Writer Dark Reading Jan 23, 2013Supply-chain security has become a growing concern for national governments and large enterprises, but the degree to which compromised technology is a threat remains uncertain, especially since backdoors are hard to detect and, once found, deniable.
In November, the acting chief information officer of Los Alamos National Laboratory reported in a letter to the National Nuclear Security Administration that the lab's technicians had removed two network switches made by a subsidiary of network giant Huawei Technologies based in Hangzhou, China, according to a Reuters report published earlier this month. The letter came after the House Armed Service Committee requested information on supply-chain risks from the Department of Energy.
In ditching the Chinese hardware, LANL took a standard strategy to attempt to add greater security to the supply chain: Use only trusted suppliers. But the strategy does not guarantee that a compromised product will not make it into an organization's infrastructure.
"If you pull a router off the shelf and you look at all the manufacturers involved in the creation of that product--it's like buying a computer that is totally from the U.S.--it's hard to do that," says Andrew Howard, a research scientist at the Georgia Tech Research Institute's cybertechnology lab.
[...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More!http://www.shopinfosecnews.org
Current thread:
- Supply Chain Uncertainties Make Security Difficult InfoSec News (Jan 24)