Cyber Bolt Cutters in the Supply Chain

A few months ago, the CyberBrief reported on an early-2018 incident where a Chinese hacker managed to make his (or her, or their) way into the servers of a contractor working for the U.S. Naval Undersea Warfare Center and steal nearly a terabyte of data. Yeah, that was a bad day. This, among other more recent incidents, has the government concerned that the cybersecurity industry hasn’t done enough to protect the vulnerable U.S. supply chain. And it’s probably true. According to a recent DoD report, while most cyber research is pretty heavy on things like cloud, data management and other IT services, the supply chain is often overlooked. But, considering the “infinite number of touch points” on a supply chain that can be exploited or corrupted, the time to secure our supply chains is now.

On Oct. 4, Bloomberg reported that China had infected multiple U.S.-bound products, including some sold by juggernauts like Amazon and Apple. This allegation has been vigorously denied by all the named companies, including the US Government, but nonetheless the article highlights very clearly how a supply chain attack like this could occur. Jennifer Bisceglie, head of Interos Solutions, asserts that “the average consumer does not really understand that technologies may be sharing information to Russia, China or North Korea.” And that’s a big deal considering that nearly 51 percent of all shipments to the top seven IT suppliers originate in China. So, what can we do about it? Well, for starters, we all need to know where our important components are coming from. “Once a business understands who and where they are sourcing from, they might change who they partner with,” added Bisceglie.

Ignorance is bliss. But that bliss could cost us everything.

P.S. – We think Jennifer Bisceglie is pretty cool. In case you missed it, she was a featured speaker at the 2018 NCC Cyber Symposium. Fist bump to Jennifer…