martes, 3 agosto 2021
Visitas totales a la web: 86690535

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

Supply Chains Have a Cyber Problem

Jonathan William Welburn. Operations researcher at the nonprofit, nonpartisan RAND Corporation. His research includes systemic risk in economic systems, supply chain risks, cybersecurity, and deterrence.

In May, JBS S.A., the world’s largest meat producer, suffered a ransomware attack disrupting beef production in the United States, Canada, and Australia. That came after another ransomware attack, then against Colonial, disrupted gas supplies in the eastern United States and drove up prices. If it wasn’t before, it’s now painfully clear that the intersection of cyberattacks and supply chains creates a wicked new form of risk—and the stakes are as much about national security as they are economics.

Last December, for example, hackers breached the company SolarWinds and compromised a software product called Orion. Orion, sitting within the software supply chain of numerous government agencies and nearly all of the Fortune 500‘s firms, gave the hackers unfettered and trusted access to sensitive systems for months without detection. This was the most prominent example to date of what cybersecurity analysts call a “supply chain attack”—one in which hackers gain entry to an organization’s systems through its computer hardware or software vendors.

SolarWinds wasn’t the first big supply chain attack, however. In 2017, the NotPetya cyberattack crippled thousands of organizations worldwide. Hackers in that case compromised accounting software used by companies, hospitals, schools, and government agencies. That gave hackers the ability to destroy tens of thousands of computers in a single attack. The effects rippled outward like a shockwave. And once the malware reached companies like Maersk, the large shipping company at the center of global supply chains, the digital supply chain disruption turned into a physical supply chain disruption worldwide.

The intersection of cyberattacks and supply chains creates a wicked new form of risk—and the stakes are as much about national security as they are economics.Share on Twitter

This is the first part of the cyber problem in a nutshell: Disruptions keep traveling through software linkages, stalling new parts of the physical supply chain.

But the reverse is potentially true as well: Compromised physical goods can become cyber risks.

The saga over Supermicro is Exhibit A. In 2018, Bloomberg Businessweek reported that Chinese spies had compromised the San Jose company’s computer hardware. Supermicro produced motherboards for another company, Elemental, which uses them in very expensive video-processing servers. The Bloomberg article alleged that somewhere along this production chain, subcontractors inserted a tiny chip that allowed a hack on Elemental’s downstream customers including banks, Apple, and the U.S. Department of Defense.

The report has been met with consistent denial and backlash. But it provided a window into how devastating infiltrating computing supply chains could be. That, of course, may make such targets even more attractive to not just spies but also cybercriminals.

Don’t expect an end to cyber-driven supply chain disruptions any time soon. Hackers prey on targets with a large “attack surface.” The more open ports to exploit, open machines to corrupt, or even open humans willing to open suspicious emails, the larger the attack surface. Supply chains, by linking together hundreds if not thousands of firms, present the perfect attack surface.

We are quickly entering a world where cyber disruptions easily become supply chain disruptions, and where supply chains for hardware and software create new cyber risks. Managing these will demand digital-era solutions, including updating tools, regulations, and reporting requirements.

One move in that direction is the Biden administration’s recent Executive Order on Improving the Nation’s Cybersecurity. It tells the Department of Commerce to develop standards and procedures for a Software Bill of Materials—basically a list of digital ingredients. This kind of labeling could allow analysts to trace bits of vulnerable code to their end use in software. That is a crucial first step. The next? Mapping the firms—or whole industries—that rely on particular software so that the vulnerable businesses might be warned.

Fuenterand.org
Fecha de publicaciónjunio 22, 2021

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos

Recomendado

Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

El paracaidista español que humilló a los «temibles» espías soviéticos

Joaquín Madolell, natural de Melilla y militar del Ejército del Aire, desarticuló la mayor red del espionaje...

Últimas noticias

Un español, exmilitar en Venezuela, regentaba el primer taller ilegal de armas 3D descubierto en España

Vecino de Santa Cruz de Teneife y obsesionado con las armas y los explosivos, regresó a Canarias...

La mascarilla perjudica las capacidades operativas y de combate de los militares

Un estudio del Ejército concluye que limita las habilidades cognitivas y motoras, perjudica el salto y el municionamiento y causa un peor...

GEORGE WASHINGTON Y ESPAÑA. EL LEGADO DEL EJÉRCITO ESPAÑOL EN LOS ESTADOS UNIDOS DE AMÉRICA

Era un frío y húmedo catorce de diciembre del año del Señor de mil setecientos noventa y nueve, las manecillas del reloj...

11-M: La venganza de Al Qaeda

Los principales terroristas del 11-M eran bien conocidos en las Fuerzas y Cuerpos de Seguridad del Estado, el Centro Nacional de Inteligencia...

Getting tangible about intangibles: The future of growth and productivity?

Investment in intangible assets that underpin the knowledge or learning economy, such as intellectual property (IP), research, technology and software, and human capital,...