Supply Chain Uncertainties Make Security Difficult

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/advanced-threats/167901091/security/security-management/240146871/supply-chain-uncertainties-make-security-difficult.html.html

By Robert Lemos
Contributing Writer
Dark Reading
Jan 23, 2013

Supply-chain security has become a growing concern for national governments and 
large enterprises, but the degree to which compromised technology is a threat 
remains uncertain, especially since backdoors are hard to detect and, once 
found, deniable.

In November, the acting chief information officer of Los Alamos National 
Laboratory reported in a letter to the National Nuclear Security Administration 
that the lab's technicians had removed two network switches made by a 
subsidiary of network giant Huawei Technologies based in Hangzhou, China, 
according to a Reuters report published earlier this month. The letter came 
after the House Armed Service Committee requested information on supply-chain 
risks from the Department of Energy.

In ditching the Chinese hardware, LANL took a standard strategy to attempt to 
add greater security to the supply chain: Use only trusted suppliers. But the 
strategy does not guarantee that a compromised product will not make it into an 
organization's infrastructure.

"If you pull a router off the shelf and you look at all the manufacturers 
involved in the creation of that product--it's like buying a computer that is 
totally from the U.S.--it's hard to do that," says Andrew Howard, a research 
scientist at the Georgia Tech Research Institute's cybertechnology lab.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org