QOTD on Outsourced IT Supply Chain

Our national reliance on IT hardware and software from various non-pedigreed sources is a foundation for major cybersecurity risks having national security implications. The incident reports cited in this article further highlight potential risks ranging from logic bombs and self-modifying code, deliberately hidden back-doors to potentially fatal equipment failure and even foreign espionage...
As NIST advises, organizations must add “defense-in-breadth” to their strategy mix. While Defense-in-depth focuses on the operations phase of the systems development lifecycle, defense-in-breadth covers the entire lifecycle.
Src: Trust but verify: Security risks abound in the IT supply chain | GCN.com
Thanks to the CyberWarfare Forum Initiative for bringing this article to my attention.

No comments: