
Supply Chains Have a Cyber Problem

Jonathan William Welburn. Operations researcher at the nonprofit, nonpartisan RAND Corporation. His research includes systemic risk in economic systems, supply chain risks, cybersecurity, and deterrence.

In May, JBS S.A., the world’s largest meat producer, suffered a ransomware attack disrupting beef production in the United States, Canada, and Australia. That came after another ransomware attack, this one against Colonial, had disrupted gas supplies in the eastern United States and driven up prices. If it wasn’t before, it’s now painfully clear that the intersection of cyberattacks and supply chains creates a wicked new form of risk—and the stakes are as much about national security as they are economics.

Last December, for example, hackers breached the company SolarWinds and compromised a software product called Orion. Orion, sitting within the software supply chain of numerous government agencies and nearly all of the Fortune 500 firms, gave the hackers unfettered and trusted access to sensitive systems for months without detection. This was the most prominent example to date of what cybersecurity analysts call a “supply chain attack”—one in which hackers gain entry to an organization’s systems through its computer hardware or software vendors.

SolarWinds wasn’t the first big supply chain attack, however. In 2017, the NotPetya cyberattack crippled thousands of organizations worldwide. Hackers in that case compromised accounting software used by companies, hospitals, schools, and government agencies. That gave hackers the ability to destroy tens of thousands of computers in a single attack. The effects rippled outward like a shockwave. And once the malware reached companies like Maersk, the large shipping company at the center of global supply chains, the digital supply chain disruption turned into a physical supply chain disruption worldwide.


This is the first part of the cyber problem in a nutshell: Disruptions keep traveling through software linkages, stalling new parts of the physical supply chain.

But the reverse is potentially true as well: Compromised physical goods can become cyber risks.

The saga over Supermicro is Exhibit A. In 2018, Bloomberg Businessweek reported that Chinese spies had compromised the San Jose company’s computer hardware. Supermicro produced motherboards for another company, Elemental, which uses them in very expensive video-processing servers. The Bloomberg article alleged that somewhere along this production chain, subcontractors inserted a tiny chip that allowed a hack on Elemental’s downstream customers, including banks, Apple, and the U.S. Department of Defense.

The report has been met with consistent denial and backlash. But it provided a window into how devastating infiltrating computing supply chains could be. That, of course, may make such targets even more attractive to not just spies but also cybercriminals.

Don’t expect an end to cyber-driven supply chain disruptions any time soon. Hackers prey on targets with a large “attack surface.” The more open ports to exploit, open machines to corrupt, or even open humans willing to open suspicious emails, the larger the attack surface. Supply chains, by linking together hundreds if not thousands of firms, present the perfect attack surface.

We are quickly entering a world where cyber disruptions easily become supply chain disruptions, and where supply chains for hardware and software create new cyber risks. Managing these will demand digital-era solutions, including updating tools, regulations, and reporting requirements.

One move in that direction is the Biden administration’s recent Executive Order on Improving the Nation’s Cybersecurity. It tells the Department of Commerce to develop standards and procedures for a Software Bill of Materials—basically a list of digital ingredients. This kind of labeling could allow analysts to trace bits of vulnerable code to their end use in software. That is a crucial first step. The next? Mapping the firms—or whole industries—that rely on particular software so that the vulnerable businesses might be warned.
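As an added illustration of what an SBOM makes possible (example code written for this page, not from the article or from RAND), the block below indexes a few constructed CycloneDX-style SBOM documents and answers the question the last paragraph raises: which products, and therefore which firms, ship a vulnerable version of a given component. Every product, supplier and component name in it is invented.

```python
import json
from collections import defaultdict

# Constructed sample: three minimal CycloneDX-style SBOM documents. The products,
# suppliers and the "log-lib" component are invented for this example.
SBOM_DOCS = [
    json.dumps({"metadata": {"component": {"name": "billing-portal", "version": "4.1",
                                           "supplier": {"name": "Acme Retail"}}},
                "components": [{"name": "log-lib", "version": "2.14.1"},
                               {"name": "orm-lib", "version": "5.3.0"}]}),
    json.dumps({"metadata": {"component": {"name": "fleet-tracker", "version": "1.9",
                                           "supplier": {"name": "Harbor Logistics"}}},
                "components": [{"name": "log-lib", "version": "2.17.0"}]}),
    json.dumps({"metadata": {"component": {"name": "plant-scada-ui", "version": "7.0",
                                           "supplier": {"name": "Meatworks Inc"}}},
                "components": [{"name": "log-lib", "version": "2.12.0"}]}),
]

def parse_version(v):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

def build_component_index(sbom_docs):
    """Map each (component name, version) to the set of (supplier, product) that ship it.
    This is the 'digital ingredients' lookup an SBOM repository makes possible."""
    index = defaultdict(set)
    for doc in sbom_docs:
        sbom = json.loads(doc)
        top = sbom["metadata"]["component"]
        product = (top["supplier"]["name"], f'{top["name"]} {top["version"]}')
        for comp in sbom.get("components", []):
            index[(comp["name"], comp["version"])].add(product)
    return index

def find_exposed_products(index, component, fixed_version):
    """Return sorted (supplier, product, shipped version) tuples for every product
    that bundles `component` at a version older than `fixed_version`."""
    fixed = parse_version(fixed_version)
    hits = set()
    for (name, version), products in index.items():
        if name == component and parse_version(version) < fixed:
            hits.update((supplier, product, version) for supplier, product in products)
    return sorted(hits)

if __name__ == "__main__":
    idx = build_component_index(SBOM_DOCS)
    # Which suppliers need a warning because they ship log-lib older than 2.15.0?
    for supplier, product, version in find_exposed_products(idx, "log-lib", "2.15.0"):
        print(f"{supplier}: {product} bundles log-lib {version}")
```

With real SBOMs the same index lets an analyst go from a newly disclosed vulnerable component straight to the list of dependent products and suppliers to notify.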

Source: rand.org
Publication date: June 22, 2021

BELT.ES is not responsible for the opinions expressed in the articles reproduced in our Press Review, nor does it necessarily endorse the opinions and views expressed in them. The reproduced information is distributed for non-commercial purposes.
