[1]Supply-Chain Attacks: Why the U.S. Should Worry:

    There are different types of supply-chain attacks: generic attacks,
    which attempt to sabotage all devices; and targeted attacks, which
    take advantage of knowing the end customer for a device.
    Additionally, supply-chain attacks on the software component can
    take place not only when a device is shipped but also whenever the
    software receives an update. There are also information-gathering
    supply-chain attacks in which a cloud service provider reveals data.

    …

    The U.S. government needs to take supply-chain attacks much more
    seriously and refine government purchasing in ways that resist these
    attacks. Some attacks-such as bulk sabotage of consumer chips or
    devices-are probably unavoidable. But wide-ranging attacks like
    these can cause only limited amounts of damage, because, unless they
    are particularly subtle, they are more likely to be detected.

  (Via [2]Lawfare - Hard National Security Choices)

  Why supply chain isn't a bigger discussion when discussing security
  boggles my mind. Every company and organization - and individual - is
  vulnerable.
  Also on:

  [3]Twitter
    __________________________________________________________________

  My original entry is here: [4]Supply-Chain Attacks: Why the U.S. Should
  Worry. It posted Wed, 27 Jun 2018 10:28:48 +0000.
  Filed under: business,

References

  1. https://www.lawfareblog.com/supply-chain-attacks-why-us-should-worry
  2. https://www.lawfareblog.com/recent
  3. https://twitter.com/TokyoGringo/status/1011920774196801542
  4. https://www.prjorgensen.com/?p=1236

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.