
Supply Chains Have a Cyber Problem

Jonathan William Welburn. Operations researcher at the nonprofit, nonpartisan RAND Corporation. His research includes systemic risk in economic systems, supply chain risks, cybersecurity, and deterrence.

In May, JBS S.A., the world’s largest meat producer, suffered a ransomware attack disrupting beef production in the United States, Canada, and Australia. That came after another ransomware attack, this one against Colonial, disrupted gas supplies in the eastern United States and drove up prices. If it wasn’t before, it’s now painfully clear that the intersection of cyberattacks and supply chains creates a wicked new form of risk—and the stakes are as much about national security as they are economics.

Last December, for example, hackers breached the company SolarWinds and compromised a software product called Orion. Orion, sitting within the software supply chain of numerous government agencies and nearly all of the Fortune 500 firms, gave the hackers unfettered and trusted access to sensitive systems for months without detection. This was the most prominent example to date of what cybersecurity analysts call a “supply chain attack”—one in which hackers gain entry to an organization’s systems through its computer hardware or software vendors.

SolarWinds wasn’t the first big supply chain attack, however. In 2017, the NotPetya cyberattack crippled thousands of organizations worldwide. Hackers in that case compromised accounting software used by companies, hospitals, schools, and government agencies. That gave hackers the ability to destroy tens of thousands of computers in a single attack. The effects rippled outward like a shockwave. And once the malware reached companies like Maersk, the large shipping company at the center of global supply chains, the digital supply chain disruption turned into a physical supply chain disruption worldwide.


This is the first part of the cyber problem in a nutshell: Disruptions keep traveling through software linkages, stalling new parts of the physical supply chain.

But the reverse is potentially true as well: Compromised physical goods can become cyber risks.

The saga over Supermicro is Exhibit A. In 2018, Bloomberg Businessweek reported that Chinese spies had compromised the San Jose company’s computer hardware. Supermicro produced motherboards for another company, Elemental, which uses them in very expensive video-processing servers. The Bloomberg article alleged that somewhere along this production chain, subcontractors inserted a tiny chip that allowed a hack on Elemental’s downstream customers including banks, Apple, and the U.S. Department of Defense.

The report has been met with consistent denial and backlash. But it provided a window into how devastating infiltrating computing supply chains could be. That, of course, may make such targets even more attractive to not just spies but also cybercriminals.

Don’t expect an end to cyber-driven supply chain disruptions any time soon. Hackers prey on targets with a large “attack surface.” The more open ports to exploit, open machines to corrupt, or even open humans willing to open suspicious emails, the larger the attack surface. Supply chains, by linking together hundreds if not thousands of firms, present the perfect attack surface.

We are quickly entering a world where cyber disruptions easily become supply chain disruptions, and where supply chains for hardware and software create new cyber risks. Managing these will demand digital-era solutions, including updating tools, regulations, and reporting requirements.

One move in that direction is the Biden administration’s recent Executive Order on Improving the Nation’s Cybersecurity. It tells the Department of Commerce to develop standards and procedures for a Software Bill of Materials—basically a list of digital ingredients. This kind of labeling could allow analysts to trace bits of vulnerable code to their end use in software. That is a crucial first step. The next? Mapping the firms—or whole industries—that rely on particular software so that the vulnerable businesses might be warned.
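The tracing the paragraph describes, from a vulnerable component through SBOMs to the products that bundle it and then to the organisations running those products, can be shown in a few lines of code. The following is an added example, not code from the article or from RAND; the three SBOMs (in a minimal CycloneDX-style JSON shape), the deployment inventory, and every product, component, version and organisation name in it are constructed for illustration, as is the "advisory" that flags two versions of acme-logging.

```python
import json
from collections import defaultdict

# Constructed sample: three SBOMs in a minimal CycloneDX-style JSON shape.
# Every product, component and version here is invented for this example.
SBOMS_JSON = """
[
  {"bomFormat": "CycloneDX", "specVersion": "1.4",
   "metadata": {"component": {"name": "NetMonitor Suite", "version": "2023.1"}},
   "components": [
     {"name": "acme-logging", "version": "1.4.2"},
     {"name": "fastxml", "version": "3.0.1"}]},
  {"bomFormat": "CycloneDX", "specVersion": "1.4",
   "metadata": {"component": {"name": "BillingPortal", "version": "7.2"}},
   "components": [
     {"name": "acme-logging", "version": "1.5.0"},
     {"name": "fastxml", "version": "2.9.0"}]},
  {"bomFormat": "CycloneDX", "specVersion": "1.4",
   "metadata": {"component": {"name": "FleetTracker", "version": "4.0"}},
   "components": [
     {"name": "acme-logging", "version": "1.4.0"}]}
]
"""

# Constructed deployment inventory: which organisations run which products.
# In practice this is the hard part the article calls the "next step".
DEPLOYMENTS = {
    "Harbor Logistics Co": ["NetMonitor Suite", "FleetTracker"],
    "Regional Health Network": ["BillingPortal"],
    "Example Energy Corp": ["NetMonitor Suite"],
    "Coastal Bank": ["BillingPortal"],
}


def build_component_index(sboms):
    """Map (component name, version) -> set of product names whose SBOM lists it."""
    index = defaultdict(set)
    for bom in sboms:
        product = bom["metadata"]["component"]["name"]
        for comp in bom.get("components", []):
            index[(comp["name"], comp["version"])].add(product)
    return index


def affected_products(index, component, affected_versions):
    """Products that bundle any affected version of the named component."""
    hits = set()
    for version in affected_versions:
        hits |= index.get((component, version), set())
    return sorted(hits)


def exposed_organisations(products, deployments):
    """Organisations running at least one of the affected products."""
    products = set(products)
    return sorted(org for org, running in deployments.items()
                  if products.intersection(running))


def exposure_report(sboms_json, deployments, component, affected_versions):
    """End-to-end trace: vulnerable component -> products -> organisations to warn."""
    sboms = json.loads(sboms_json)
    index = build_component_index(sboms)
    products = affected_products(index, component, affected_versions)
    orgs = exposed_organisations(products, deployments)
    return {"component": component, "products": products, "organisations": orgs}


if __name__ == "__main__":
    # Hypothetical advisory: acme-logging 1.4.0 and 1.4.2 carry a flaw; 1.5.0 does not.
    report = exposure_report(SBOMS_JSON, DEPLOYMENTS, "acme-logging", {"1.4.0", "1.4.2"})
    print(json.dumps(report, indent=2))
```

The index is keyed on exact (name, version) pairs, so a product on a patched release of the same library is correctly left out of the warning list; real advisories usually give version ranges, and a production tool would compare versions rather than match strings, but the shape of the lookup is the same.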

Source: rand.org
Publication date: June 22, 2021

BELT.ES is not responsible for the opinions expressed in the articles reproduced in our Press Review, nor does it necessarily endorse the opinions and criteria expressed. The reproduced information is distributed for non-commercial purposes.
