How do you know that the critical parts inside your servers and devices are not poor quality, ready to fail at a crucial moment? Or, worse, hide malware with nefarious intentions like key-stroke logging, data theft, or sabotage?
Outside of leading-edge advances like Intel® Transparent Supply Chain protecting globally linked sellers, buyers, and partners from these kind of threats is difficult. Leaders like GE are embracing new risk management approaches that provide component level traceability and authentication.
Yet many enterprises and vendors remain poorly prepared to prevent or detect growing supply chain cyber-risks. They cannot easily spot compromised parts or breaches that expose their organizations and partners to data loss and widespread disruption.
From not good to worse
Two years ago, Steve Durbin, Managing Director of the Information Security Forum (ISF), warned: “When I look for key areas where information security may be lacking, one place I always come back to is the supply chain.” A widely cited study found 16% of companies purchased counterfeit IT equipment.
Since then, things have gotten worse. A recent global survey of 1,300 companies found 90% were “unprepared” for supply chain cyber-attacks
False alarm or wake-up call?
So it’s no surprise that widespread anxiety followed a sensational report in late 2018 claiming China had hidden tiny spy chips on servers shipped to major companies.
The allegations were quickly denied and eventually debunked. But the incident raised troubling questions: “A lot of people asked: ‘What if that could happen?’” says Charlie Stark, an Intel Supply Chain specialist and engineer.
It’s a critical concern, and not just for industry manufacturers and procurement pros. Supply chains are lifelines for tech sellers and buyers alike. Over the last few years, they’ve increasingly become a battlefield, under incessant attack by nations and criminals. A small but tellingly grim sign of popularity: Presentations on hacking supply chains at Black Hat and Defcon.
Whether you are a technology buyer, seller, manufacturer, investor, or security professional, here are five reasons why supply chain cybersecurity belongs on your radar and action list.