
Exposing the Weakest Security Link - Your Supply Chain

April 21, 2014
Sally Long, Director of The Open Group Trusted Technology Forum

Identifying the risks

To survive against malicious attacks, organizations must guarantee and trust every link in their technology supply chain. But as systems become more interoperable, more of the supply chain is becoming exposed. International connectivity has created massive benefits for large Commercial Off-the-Shelf (COTS) Information and Communication Technology (ICT) producers and consumers, but with those advancements comes a higher level of risk.

The introduction of maliciously tainted and counterfeit components can occur at various stages of the supply chain life cycle. Across the design, sourcing, build, fulfillment, distribution, sustainment and disposal stages, the supply chain is wide open for an unfriendly “passenger” to take a ride straight into an organization’s computer systems and access intellectual property. This has led to many organizations facing the unknown when purchasing hardware or software for mission-critical systems. There is a huge possibility now that products are filtering to them without any guarantee that suppliers have used secure engineering practices and supply chain management practices.

Today’s technology supply chain is complex, with component suppliers located across the globe. To ensure their supply chains are secure, organizations need to guarantee that they are purchasing items from trusted technology providers who follow universally accepted best practices. This includes not only standardizing secure development and engineering practices in-house when creating software and hardware pieces, but also ensuring that best practices are followed at every step of the supply chain. In today’s global economy, the best way to anticipate the massive threat of cyber criminals and counterfeit products is to identify trusted component suppliers, trusted providers and trusted integrators. With a trusted network, organizations can know who in the supply chain is following best practices, and be sure they are aligned with the best partners.

The Trojan horse

Let’s take a closer look at the gateways that are exposing the supply chain, starting with the “Trojan horse” techniques. Tainted products introduced within the supply chain increase the possibility of untracked, malicious behavior, as evident when Target’s credentials were stolen via a heating and refrigerator contractor. This is known fondly by hackers as the “Trojan horse”, and may be hiding within your company right now.

Customers and governments are moving away from creating personal high assurance and customized systems to secure against these threats. Instead, they are adopting the use of COTS because they are cheaper and more reliable. But a maliciously tainted COTS product, once connected or incorporated, can pose a substantial security risk when it is operating at a customer site. Unfortunately for organizations like Target, it can allow hackers to take control of the organization’s network or gain access to sensitive intellectual property.

Counterfeit components

In addition to the maliciously tainted “Trojan horse” scenario, counterfeit products within the supply chain are another major threat to customers and suppliers. Manufacturers and suppliers have been plagued by counterfeit products for years due to the growth in outsourcing and expanded global supply chains. These counterfeit products can result in faulty or sub-par products and in revenue and brand equity loss, and can even expose sensitive intellectual property. With these mounting risks to the supply chain, how can vendors, corporations and suppliers increase the integrity of technology products and help protect the supply chain from the threat of attacks?

Creating unity and securing the supply chain

Virtually nothing is made from one source anymore, making it difficult to build security into supply chains. The global and speedy manner in which technologies are invented, produced and sold requires agile business processes to achieve routine and scalable results. Combining an international focus and the public-private partnership is a big issue for all parties impacted by supply chain security issues. Security value is now broadening its reach from the end point perspective and looking end to end at the product lifecycle of the global supply chain.

The increased sophistication of cyber-attacks has made it necessary for technology suppliers and governments to take a more comprehensive approach to assuring product integrity and supply chain security. Customers and governments are now beginning to seek universal guarantees that their providers are following best practices to mitigate the risk of tainted or counterfeit components before they make their way into mission-critical infrastructure. Aligning this with a codified approach that is universally formulated with transparent standards, which are recognized by multiple industries and regions, will increase the integrity of the supply chain and help protect against cybersecurity attacks.

Creating global unity across industries and establishing open conversations is key to progressing supply chain security. With an open path to share best practices on how to assure product integrity and secure supply chains, organizations can be in sync with all parts of their supply chain. This is crucial when developing a framework of best practices as an open standard, which can then be utilized to assess and guarantee providers are conforming to the standard.

Universal standard and accreditation of conformance

Creating a global common standard of best practices for securing supply chains is necessary to comprehensively tackle the vulnerabilities inherent in global supply chains. A standard that is freely available, and open to be adopted by all component suppliers, technology providers, and integrators can help ensure that products are built with integrity so customers can buy with confidence.

With a universal understanding of the issues, implementation of a universal standard and a formal accreditation program to verify conformance, all parties involved in the supply chain can have assurance that they are working with trusted technology providers. This makes every enterprise environment that partners with trusted technology providers safer and more secure.

The security bar must be raised across the full spectrum of the supply chain, from small component suppliers to the providers who include those components in their products, to the integrators who incorporate those providers’ products into customers’ systems. By accepting the realities of the threat landscape and taking appropriate measures, like working only with trusted technology providers who conform to a universal standard for mitigating those threats, organizations can be sure that they will improve the integrity of their products and the security of their supply chains.

The Open Group Trusted Technology Forum (OTTF) is an international forum of industry providers, third-party labs and governments developing standards and conformance programs to increase security in global technology supply chains. OTTF has published the Open Trusted Technology Provider Standard (O-TTPS), which benefits global providers and acquirers of commercial off-the-shelf (COTS) information and communication technology products. This open standard and the O-TTPS accreditation program are the first of their kind to help organizations, component suppliers, technology providers, and integrators to demonstrate conformance to the standard and achieve Open Trusted Technology Provider status, helping assure the integrity of COTS ICT products worldwide and safeguarding global supply chains against the increased sophistication of cybersecurity attacks.

Source: The Open Group Trusted Technology Forum
