The recently exposed SolarWinds cybersecurity incident has highlighted something those of us in the information-security business have long worried about: that the supply chain is a black box most of us have very little visibility into. It is a vast and diverse aggregation of both physical and virtual components of almost impenetrable origin and complexity.
The opaque nature of this conglomeration of systems results in digital security vulnerabilities that very few organizations have even tried to fathom, yet unwittingly accept. That may be changing. Jennifer Bisceglie, CEO of the supply-chain resilience company Interos, spends a lot of time talking with government organizations about supply-chain issues. "Given the unprecedented wave of supply-chain shocks we witnessed in 2020 (the COVID-19 pandemic, the SolarWinds cyberattack and the impact of escalating trade wars with China), organizations are beginning to realize they need to devote more attention to supply-chain risk," she says.
Supply chains are the backbone of today's global economy, and any organization, public or private, that relies on one to accomplish its business goals is a player in supply-chain cybersecurity risk management. Cyber-enabled supply-chain attacks can now result in vastly disproportionate harm compared to the minimal resources required to execute an attack. The good news is that robust, ever-improving technology is available today to provide organizations with the tools to identify their extended supply chains and monitor their risk factors. But software is only one part of a strong risk-mitigation strategy.
People often think of the supply chain as the logistical framework for getting a physical product from point A to point B, including activities involved in the sourcing and conversion of products and the collaboration among suppliers, intermediaries and customers. But the exploding global digital transformation has altered supply-chain risks dramatically to include a mystifying accumulation of software code and application relationships that generate perplexing cybersecurity risk-management challenges.
Supply-chain cybersecurity is taking an increasingly prominent role in many organizations because divining the provenance of components and software, and the relationships between systems critical to government and business operations, is crucial to knowing how to protect those systems. "If an organization doesn't understand which third parties have access to its network and present the greatest risk to its data, its digital ecosystem becomes a ticking time bomb just waiting to be exploited," says Fred Kneip, CEO of the security software company CyberGRX. This is especially true for government organizations where citizen privacy is at risk and in those sectors of the economy, from energy to communications to water systems, that are designated as essential critical infrastructure.
Supply-chain cybersecurity risk management is focused on the threats to disrupt, degrade or destroy IT systems, software and network infrastructure. Cyber-related disruptions can impact all of the multi-tier organizational relationships in the supply chain. What happened to the Maersk shipping company is instructive. Maersk is responsible for 20 percent of the world's shipping capacity, and when it was infected with the NotPetya malware in 2017, its 800-ship fleet, which is supported by 80,000 employees in 574 offices across 130 countries, was quite literally dead in the water. That was bad news for Maersk of course, but even worse news for the millions of customers who depend on the company for fresh and frozen food products, raw materials for manufacturing and products destined for the retail market.
A 2017 Wired article highlighted several other examples of hackers exploiting the digital supply chain, including one case in which a fake version of an Apple developer tool popular with Chinese app-builders resulted in the (at the time) largest-ever outbreak of malware on Apple devices.
And in October 2018, Bloomberg Businessweek raised the specter of a long-feared hardware attack on the supply chain, reporting that spy chips that could be used to alter or steal data had been discovered on components supplied by a Chinese subcontractor to Supermicro, a major U.S. supplier of servers and motherboards.
While all of the companies involved disputed the Bloomberg report, the value of Supermicro's stock dropped by more than 40 percent. For the public sector, the risks are far greater, bringing the potential for disruptions to everything from public health and safety to essential infrastructure. So what can your government organization do to understand and mitigate supply-chain cybersecurity risks? Some essential steps:
Map your supply chain and identify high-priority vendors most critical to your organization's ability to function.
Identify sub-tier suppliers whose critical IT components or software are embedded in your systems.
Create diversity in your supply chain so you don't have any single-point-of-failure vendors.
Know, without a doubt, what information systems your vendors can access via your own networks.
Establish baseline security controls to which you can hold all of your vendors accountable. To identify potential insider threats, make sure these security controls encompass their personnel employment practices.
Ensure that your organization's security team is integrated into the procurement process, including vendor assessments and vendor management.
John McAfee, the founder of the security software company that bears his name, is known for making wild and outlandish statements. But he hit the nail on the head when he said that "any logical structure that humans can conceive will be susceptible to hacking, and the more complex the structure, the more certain that it can be hacked." Our global supply-chain infrastructure is perhaps one of the most complex digital organisms to ever evolve, and government organizations need to be proactively diligent in recognizing the cybersecurity risks it presents.
Governing's opinion columns reflect the views of their authors and not necessarily those of Governing's editors or management.
Link:
Governments Supply-Chain Vulnerabilities and What to Do About Them - Governing