Home page logo
/

isn logo Information Security News mailing list archives

Supply Chain Uncertainties Make Security Difficult
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 24 Jan 2013 02:14:36 -0600 (CST)

http://www.darkreading.com/advanced-threats/167901091/security/security-management/240146871/supply-chain-uncertainties-make-security-difficult.html.html

By Robert Lemos
Contributing Writer
Dark Reading
Jan 23, 2013

Supply-chain security has become a growing concern for national governments and large enterprises, but the degree to which compromised technology is a threat remains uncertain, especially since backdoors are hard to detect and, once found, deniable.

In November, the acting chief information officer of Los Alamos National Laboratory reported in a letter to the National Nuclear Security Administration that the lab's technicians had removed two network switches made by a subsidiary of network giant Huawei Technologies based in Hangzhou, China, according to a Reuters report published earlier this month. The letter came after the House Armed Service Committee requested information on supply-chain risks from the Department of Energy.

In ditching the Chinese hardware, LANL took a standard strategy to attempt to add greater security to the supply chain: Use only trusted suppliers. But the strategy does not guarantee that a compromised product will not make it into an organization's infrastructure.

"If you pull a router off the shelf and you look at all the manufacturers involved in the creation of that product--it's like buying a computer that is totally from the U.S.--it's hard to do that," says Andrew Howard, a research scientist at the Georgia Tech Research Institute's cybertechnology lab.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

  By Date           By Thread  

Current thread:
  • Supply Chain Uncertainties Make Security Difficult InfoSec News (Jan 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]