Depending on who you are and what you do, encouragement through policy, and
potentially a mandate, could direct departments to use only accredited service
options, where, for example, data transfer and hosting remain within a trusted
UK domain.
So is the threat of data theft through unauthorised access to a compromised
data centre greater than the threat of data loss or leakage through an
exfiltration attack launched from intentional corruption built into the
software or hardware? We certainly worry about the former enough to act upon
it (e.g. G-Cloud and UK Safe Harbour), so why not the latter? Is it just too
hard, too expensive, or too overwhelming to begin to think about? Or do we
simply worry less?
Maybe we should worry less. After all, infiltrating a highly mechanised and
automated factory production process would contaminate a huge quantity of
devices shipped to many separate locations all over the world. This type of
attack would surely be out of reach of the criminal fraternity, whose intent
and chosen targets are far too narrow and specific to be attacked effectively
in this way. Threats of this kind would therefore be restricted to state
sponsored objectives, and could then, to an extent, be predicted from current
global and political intelligence.
Even for a state sponsored attacker, infiltrating an outsourced design process
or a semiconductor foundry, for example, would be very difficult and expensive.
Moreover, the further upstream in the supply chain the infiltration occurs, the
more difficult it becomes to home in on any specific target.
Nevertheless, if we conclude the threat to be real, could we create for the
physical supply chain the same kind of assurance regime that the G-Cloud model
provides for the digital one? I acknowledge this would be extremely difficult
and the costs would be eye-watering, but if we really do worry about the
threats of adopting a global supply chain (after all, over 50% of chip
production revenue originates in China), then is this worth considering? At
the very least, is it worth considering for specific acquisitions made by our
High Threat Club, for instance?
It has already been done to an extent in the US. The NSA initiated the Trusted
Foundry Programme, creating an assured supply chain of 50 accredited suppliers
for DoD and DoD-sponsored critical requirements. This addresses some of the
issues, at least the production vulnerabilities (though not chip design
vulnerabilities), but it is expensive and restricted to only the most critical
defence requirements. The vast majority of Federal and infrastructure
capability remains at the mercy of the global supply chain and, for economic
reasons alone, will no doubt continue to be so for the foreseeable future.
Could it be feasible to create a quarantine process that specific high threat
customers could use? This would be the cyber equivalent of how we treat the
movement of animals across continents. Such quarantine areas could use
currently available technology, or develop new capabilities, to conduct deep
inspection testing for intentional hardware and software corruption, or to
prematurely trigger any payloads that contaminated products may host. This
would clearly delay shipments; however, if we believe the threat to be real,
is it worth investing in this type of quarantine system or clearing house for
IT imports?
In summary, we need to ask ourselves, and at least attempt to answer, a
series of questions, notably:
· Do we believe that state sponsored threats of this nature actually exist
within the supply chain?
· Do we have any evidence that they do?
· If not, what are we doing to gather that evidence?
· What can we actually do to mitigate any risks based upon the evidence we
collect?
· How does each layer of our public and private sector markets evaluate
these threats as risks (assuming that through the collection of evidence we
have determined that they do exist)?
· How, then, do these risk weightings translate into economically sensitive
buying decisions?
· Based upon this economic translation, what realistic options remain open
to us? That is, what should we be doing to mitigate and reduce the risks of
supply chain contamination?
"A global supply chain is extremely complex, and the context in which it is
perceived changes dependent upon your own location and associated risk
factors."
By triangulating the answers to these questions, the outcome could, for
instance, equate to:
· Exercise a programme of activity to diplomatically engage potentially
antagonistic nations on these subjects, whilst attempting to gather evidence
that supply chain threats exist.
· Invest in, or subsidise, the creation of an assured supply chain. This could
also constitute an emergency supply chain for our critical functions, which
would in turn mitigate threats to availability, e.g. in the wake of major
natural disasters like the recent floods in Thailand.
· Develop quarantine areas. Technological challenges would have to be
overcome; however, this activity could, for instance, be outsourced to
trusted, specialist, local SMEs, who could usefully take up some of the
burden.
· Based upon a lack of evidence of, or confidence in, state sponsored intent,
accept and acknowledge a residual risk of supply chain contamination, and
move on to the next problem.
Any and all of these options are difficult, complex, political, dynamic, and
localised, all at the same time, and this is certainly not an exhaustive list,
but we do need to do something other than continue to proffer doom. We need
to break the inertia that this attitude has created. There is no value or
utility in rehearsing the problem space and continuing to perpetuate fear,
uncertainty and doubt.
Having set this notion of paranoia aside, I acknowledge that a threat must
exist, but what is the actual risk? And whilst I can agree that the problems
will persist, and that in many respects we face insurmountable challenges to
the complete safety of a global supply chain, there must be immediate
opportunities to improve the situation and at least mitigate and reduce the
risks of supply chain contamination as things now stand.
But what is the level of motivation? What will move us beyond talk and
into action? Are we waiting for a compelling event? Or are we prepared to
implement some mitigation strategies now?
To conclude, I would be extremely interested in your feedback on these
issues. In particular, do you think the "Supply chain safety label" idea
described earlier actually has value? Your voice literally determines the
action we take in developing this system: in the spirit of this article, we
will endeavour to play a positive role in moving the debate forward if the
idea is deemed to have genuine utility.
P.S. In researching the concept of paranoia for this article I called the
National Paranoia Society. The person who answered wondered how I got his
number... (sorry).