Working to Secure the Technology Supply Chain – Nextgov

Application-based attacks like the Colonial Pipeline ransomware hack capture headlines, but security pros know that cyber criminals are not stopping with application-based attacks and will continue to aim deeper into the heart of computing by targeting operating systems, firmware and hardware.

This inevitable trend has created a need for security solutions that not only focus below the OS in areas like firmware and software, but also reach deep into the technology supply chain. Attacks early in the chain can have a profound impact on technology consumers, including government organizations that rely on technology to carry out their missions and store and transmit sensitive data.

This trend is one reason the National Institute of Standards and Technology is updating its guidance on developing cyber resilient systems. It is also a big part of why the Biden administration emphasized cyber resilience in its recent review of supply chain issues.

The escalating nature of cybercrime is also why Intel and other industry leaders are investing in the Compute Lifecycle Assurance, or CLA, initiative. The goal is to develop and implement industry-leading supply chain security solutions and to work with industry partners to implement a framework for building security into every stage of a device’s existence, from design to manufacture, from deployment to retirement.

For government organizations, CLA means the technologies they rely on should become increasingly cyber resilient. Agencies are well-advised to keep themselves informed of the advancements in supply chain transparency and traceability, and the continual protections CLA will generate to address vulnerabilities as they emerge.

Security at Every Stage

The shift in focus of cybercrime has highlighted the importance of advanced security operations, investments, training and solutions that span every stage of the device lifecycle. Industry leaders in security have long made, and led the industry in, these holistic investments in supply chain and product lifecycle assurance. CLA extends that security-first mindset throughout the technology lifecycle, including:

Build: Starting at the design stage and continuing through deep integration with sourcing and manufacturing, how do you confirm the integrity of a platform and its component devices? Is it designed and built in a trusted manner? Is the platform assembled in a trusted facility, with proper controls in place to not only establish the time of manufacture, but also to ensure the necessary levels of traceability?

There’s always risk during manufacture that a vulnerability could be inadvertently built into a product. This could occur, for example, through firmware with embedded malicious code or counterfeit components that are intentionally malicious or not designed securely.

CLA provides guidelines for mitigating this risk. One approach is to implement security solutions to gather, cryptographically seal, and securely store metadata from devices as they are manufactured. 

Transfer: Does the system arrive as ordered? Are there processes, controls, and technologies in place to detect tampering, modification or changes within the hardware, firmware and software? Are there mechanisms in place to establish who should, or should not, have rights to modify the platform throughout distribution?

Risk can also be …….




