Microsoft has teamed up with Intel and Goldman Sachs to push for hardware security improvements that could help to mitigate supply chain risks. Working under the auspices of the non-profit Trusted Computing Group (TCG), the companies have created a new Supply Chain Security workgroup that will aim to bring in experts from across the tech sphere.
The TCG argued that malicious and counterfeit hardware is particularly difficult to detect as most organizations don’t have the tools or in-house knowledge to do so.
With that in mind, the group will focus on two key areas:
- Provisioning to ensure devices can be trusted at every step of the supply chain.
- Helping companies to recover in the event of an attack.
This is TCG’s sweet spot as it has in the past been instrumental in developing global standards for a hardware-based root of trust. “For nearly 20 years, TCG has guided the industry in adopting technologies that enable secure computing, with specifications for IoT and embedded systems, PCs and servers, mobile, and storage,” argued Dennis Mattoon, co-chair of the workgroup and principal software development engineer at Microsoft. “The supply chain is the one thing that spans all of these verticals and experts from TCG workgroups are now coming together to create industry-wide guidance that seeks to make the supply chain more secure.”
A new report published by Acronis on 19 October 2021 claimed that 53% of global organizations have a false sense of security when it comes to supply chain attacks and trust manufacturers and software providers when they perhaps shouldn’t.
In a recent report from BlueVoyant claimed that 93% of global firms had suffered a supply chain-related breach over the past year. Furthermore, it said the average number of breaches increased 37% from 2020 to 2021. The number of respondents who admitted they have no way of knowing if an incident has occurred in their supply chain rose from 31% to 38% over the period.
In lieu of forming a task force to study a problem, Red Sky Alliance has developed and is currently offering a service named RedXray that can monitor your supply chain today. For more information and to order the RedXray, please visit https://www.wapacklabs.com/redxray .
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
Comments