Supply chain security must include cyber resilience

Supply chain security is going digital, according to Tom Garrison, Vice President and General Manager for Client Security Strategy and Initiatives at Intel. In his Leadership Keynote address at the Securing New Ground conference from the Security Industry Association (SIA), Garrison noted that as devices involved in supply chains improve, attackers targeting supply chains evolve new attack methods.

The supply chain has become the new frontline for cyberattacks. "One of the challenges we have is the nature of supply chains," said Garrison. Perceptions of supply chains have traditionally revolved around physical security, but that is no longer the case. Security professionals need to incorporate cybersecurity into their supply chain security strategies in order to be truly comprehensive.

The digital supply chain

Supply chain security needs to expand beyond just the physical security of the device, according to Garrison. He introduced the term "digital supply chain security," referring to the security on the platform level of devices involved in the supply chain. Increasing trust, traceability and resiliency are top priorities for cybersecurity professionals.

Considering the manufacturing and logistics element of a device is important, but it is not a complete solution. Focusing on compute lifecycle assurance can solve this issue: securing devices through all stages of the lifecycle — the build, transfer, operate and retirement phases — is paramount to preventing cyber issues and resolving them when they do arise.

Supply chain cybersecurity strategies

Garrison detailed strategies used at Intel in order to secure their products. Investing internally in testing, validation and research can solve cyber problems before devices are in the hands of users. Conducting internal offensive research like pentesting improves product and supply chain resiliency. Alongside internal investing, companies can invest in external talent to discover issues in their products.

Garrison noted that tracking the "digital DNA of a device" can improve supply chain security by determining whether devices are in a trusted state or not. Included in the digital DNA makeup of a device are country of origin, integration history, device health, OEM authenticity, asset tracking and more. Cybersecurity professionals who can ascertain all of this information are better prepared to identify potential vulnerabilities in their supply chain.

Madeline Lauver is a former Editor in Chief at Security magazine. Within her role at Security, Lauver focused on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Supply chain security must include cyber resilience

The digital supply chain

Supply chain cybersecurity strategies

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Supply chain security must include cyber resilience

The digital supply chain

Supply chain cybersecurity strategies

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.