{"title":"Risks of unrecognized commonalities in information technology supply chains","authors":"C. Axelrod, Ph. D. Delta","doi":"10.1109/THS.2010.5654970","DOIUrl":null,"url":null,"abstract":"In this paper we examine the interdependencies and common points of failure (and attack) that plague commonly-used system and network hardware and software. The proposed approach requires not only generating inventories of acquiring organizations' equipment and software products, and clear and detailed descriptions of every link in the supply chain, but also the identification of common components and their sources. This information is required not only for manufacturer and OEM supply chains, but also for the services supply chains of maintenance and repair organizations. When such critical components and services have been identified, one must prioritize their importance and apply appropriate security and testing. Such an identification and tracking system is only as good as its ability to incorporate up-to-the-minute changes and additions. This requires extensive real-time reporting and information sharing. The author presents a general description of a proprietary tool that facilitates the collaboration needed for such an approach to be effective.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/THS.2010.5654970","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
In this paper we examine the interdependencies and common points of failure (and attack) that plague commonly-used system and network hardware and software. The proposed approach requires not only generating inventories of acquiring organizations' equipment and software products, and clear and detailed descriptions of every link in the supply chain, but also the identification of common components and their sources. This information is required not only for manufacturer and OEM supply chains, but also for the services supply chains of maintenance and repair organizations. When such critical components and services have been identified, one must prioritize their importance and apply appropriate security and testing. Such an identification and tracking system is only as good as its ability to incorporate up-to-the-minute changes and additions. This requires extensive real-time reporting and information sharing. The author presents a general description of a proprietary tool that facilitates the collaboration needed for such an approach to be effective.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
