In the past week, the NCCIC released two technical alerts (TA18-276A and TA18-276B) and Bloomberg published an article about cyber threats that had exploited vulnerabilities in supply chains. In the context of computer and Internet security, supply chain security refers to the challenge of validating that a given piece of electronics, and by extension the software that powers those computing parts, does not include any extraneous or fraudulent components beyond what was specified by the company that paid for the production of said item. Given how many entities are involved in supply chains and the vulnerabilities that can be introduced to them (sometimes in novel ways like those described in the Bloomberg article), it's not always obvious who should address the vulnerabilities. Cybersecurity expert Brian Krebs examines the many facets of this issue, which is quickly emerging as one of the most pressing of the present time. Krebs on Security.