EXECUTIVE SUMMARY:

Can we ensure the integrity of our cyber architecture if the components and final product are assembled overseas? Think nation-state tampering, or cyber surveillance.

“An increasing number of actors are seeking the capability to target…supply chains and other components of the US information infrastructure,” stated a declassified intelligence report.

With computer servers, for example, piecing together the final product can require as many as 4,000 unique components. Bad actors can insert malicious microcode within platforms to create backdoors, insert motherboard implants, or build in vulnerabilities, a situation that has already occurred. There are so many places along the supply chain where things can go awry.

Dependence on foreign factories and suppliers could compromise infrastructure, despite manufacturers’ best efforts to ensure the quality and integrity of components. These days, manufacturers are building cyber security into supplier SLAs and regularly auditing service providers. Post-production, pre-sales testing also goes a long way toward ensuring the security of cyber infrastructure.

With regard to manufactured goods, “We worry about manipulation, we worry about espionage, both nation-state and industrial level, and we worry about disruption,” says one Chief Security Officer.

As the popular adage goes, ‘your security is only as good as your weakest link’. Is your organization heavily reliant on foreign IT suppliers? To mitigate your supply chain risk, follow these best practices issued by the US National Institute of Standards and Technology.