Supply chain security is going digital, according to Tom Garrison, Vice President and General Manager for Client Security Strategy and Initiatives at Intel. In his Leadership Keynote address at the Securing New Ground conference from the Security Industry Association (SIA), Garrison noted that as devices involved in supply chains improve, attackers targeting supply chains evolve new attack methods.
The supply chain has become the new frontline for cyberattacks. "One of the challenges we have is the nature of supply chains," said Garrison. Perceptions of supply chains have traditionally revolved around physical security, but that is no longer the case. Security professionals need to incorporate cybersecurity into their supply chain security strategies in order to be truly comprehensive.
The digital supply chain
Supply chain security needs to expand beyond just the physical security of the device, according to Garrison. He introduced the term "digital supply chain security," referring to security at the platform level of devices involved in the supply chain. Increasing trust, traceability and resiliency are top priorities for cybersecurity professionals.
Considering the manufacturing and logistics elements of a device is important, but it is not a complete solution. Focusing on compute lifecycle assurance can close this gap: securing devices through all stages of the lifecycle — the build, transfer, operate and retirement phases — is paramount to preventing cyber issues and resolving them when they do arise.
Supply chain cybersecurity strategies
Garrison detailed strategies Intel uses to secure its products. Investing internally in testing, validation and research can solve cyber problems before devices are in the hands of users. Conducting internal offensive research like pentesting improves product and supply chain resiliency. Alongside internal investment, companies can invest in external talent to discover issues in their products.
Garrison noted that tracking the "digital DNA of a device" can improve supply chain security by determining whether devices are in a trusted state or not. Included in the digital DNA makeup of a device are country of origin, integration history, device health, OEM authenticity, asset tracking and more. Cybersecurity professionals who can ascertain all of this information are better prepared to identify potential vulnerabilities in their supply chain.