A lot of business and IT executives this week are spending a lot more time thinking about just how vulnerable their supply chains are in the wake of a report that alleges widely used servers have been compromised by a microchip surreptitiously implanted on motherboards. The veracity of the report is highly disputed. But given the financial impact the report has had on the stock prices of organizations such as Super Micro named in the report, more than a few business leaders are wondering to what degree the systems they rely on are compromised.
Cybersecurity professionals, meanwhile, are wondering just how much sensitive intellectual property may have been lost if it turns out that servers employed by Amazon and others that are part of their organization’s extended supply chains have been compromised.
Supply chain security has always been a concern. But as organizations move to digitize their supply chains the potential for security breaches starts to exponentially increase. Each supply chain is only going to be as secure as its weakest cybersecurity link. A server compromised halfway around the world that is being employed by a critical supplier could theoretically become a vector through which some of the organization’s most critical secrets are being revealed. It’s not hard to extrapolate what the implications are surrounding an order for a large quantity of parts required to make a specific finished product.
Most large companies require cybersecurity reviews of their partners' processes. But those reviews don’t always extend out to their supply chain partners' partners. Following this week’s reports, chances are good those cybersecurity supply chain reviews are about to become a lot more stringent not just within larger companies, but midmarket enterprises as well.
Of course, if it does turn out there are widespread backdoors embedded in motherboards, many of the supply chains being relied on will soon be altered. That may wind up increasing the cost of a finished good, but the alternative is going to be unpalatable for many companies that have built a business around core intellectual property. It’s also probable many of those companies will begin to invest more in building blockchain networks through which they can track the chain of custody for parts and equipment using an immutable ledger. That may not stop someone from soldering a microchip on a motherboard. But it would make it a lot easier to find those motherboards should such an incident be discovered.
Cyberespionage is clearly bad for business. Not only does it sow the seeds of distrust in a global economy, but reductions in trade that might stem from cybersecurity concerns could also spark an economic recession.
Hopefully, cooler heads will prevail. But in the meantime, cybersecurity professionals should expect to soon be gearing up for supply chain audits that in many cases are long overdue. Business executives may be disturbed by what those reviews turn up. But then again, an increased awareness of potential threats to the supply chain among business executives is not necessarily a bad thing. In fact, many of them might now assume the supply chain is compromised and act accordingly. In the meantime, the only thing scarier than discovering the supply chain is compromised is arguably not knowing.
Mike Vizard has been an IT specialist for more than 25 years and, in that capacity, has published and contributed to numerous technical publications, including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently writes blog posts for IT Business Edge and contributes articles to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike Vizard also writes about new cloud technologies for SmarterMSP.