From Nextgov.com: Latest cybersecurity threat lies in trusted software and hardware
An e-mail the Justice Department sent in July warning employees about thumb drives left in offices and pre-loaded with software that could steal information from a computer is the latest example of a new cybersecurity threat that involves seemingly innocuous hardware devices.
COMMENTS
- Unfortunately, the supply chain threat is continual. Every time software is updated ... every time a maintenance technician touches a device ... every time a software patch is loaded ... all present opportunities for supply chain interdiction by our adversaries. Verification on initial purchase or install is but the first step. The only solution to this challenge is strict configuration monitoring and control, and statistical sampling of hardware / software / firmware for "gold standard" comparison and verification that there's been no corruption. Sound expensive? It is. But it should at least be considered in every enterprise's risk management equation! R. Arnold Posted August 27, 2008 7:58 AM
RELATED STORIES
- Energy told to tighten cybersecurity policies 08/15/08
- Top IT cops say lack of authority, resources undermine security 08/11/08
- Technology chiefs poised to take a more strategic role 08/08/08
- Appropriator lists grants, cybersecurity among priorities 06/10/08
- DHS moves to ramp up cybersecurity in federal agencies 04/25/08
