[ISN] Supply Chain Uncertainties Make Security Difficult

http://www.darkreading.com/advanced-threats/167901091/security/security-management/240146871/supply-chain-uncertainties-make-security-difficult.html.html By Robert Lemos Contributing Writer Dark Reading Jan 23, 2013 Supply-chain security has become a growing concern for national governments and large enterprises, but the degree to which compromised technology is a threat remains uncertain, especially since backdoors are hard to detect and, once found, deniable. In November, the acting chief information officer of Los Alamos National Laboratory reported in a letter to the National Nuclear Security Administration that the lab’s technicians had removed two network switches made by a subsidiary of network giant Huawei Technologies based in Hangzhou, China, according to a Reuters report published earlier this month. The letter came after the House Armed Service Committee requested information on supply-chain risks from the Department of Energy. In ditching the Chinese hardware, LANL took a standard strategy to attempt to add greater security to the supply chain: Use only trusted suppliers. But the strategy does not guarantee that a compromised product will not make it into an organization’s infrastructure. “If you pull a router off the shelf and you look at all the manufacturers involved in the creation of that product–it’s like buying a computer that is totally from the U.S.–it’s hard to do that,” says Andrew Howard, a research scientist at the Georgia Tech Research Institute’s cybertechnology lab. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org