Supply Chain Security

We need to challenge the security and integrity of digital products and their supply chain

3 papers and 3 talks

Recent revelations brought the integrity of digital products (e.g., IOT, smart things, control systems) to the attention of the public, as it has been demonstrated that hardware and software components can be compromised and backdoored with or without the consent or knowledge of the supplier or vendor.

The security and integrity of the supply chain is a concern with the increasing dependence on third party components for critical functionality.

The digital society currently runs the risk of creating security problems through the premature use and, in some cases, uncontrolled procurement and distribution of digital products – security issues that will only become manifest in the long term and can then only be corrected at huge expense and effort.

The ability to perform effective software and hardware tests must be regarded as a core competency of the digital society. The digital society is called upon to address the issue of supply chain security and to create the appropriate conditions (resources, legal framework, training, etc.) to prevent known and avoidable errors.

Papers

• Paper - Bug Bounty Program of Last Resort »»
  This paper makes the case for a centralized Bug Bounty Program of Last Resort to cover critical open-source projects and smaller vendors, who cannot fund them.
  | Published: Feb 2021 | Available: Paper (en) »

• Paper - Cyber Resilience in the Electricity Ecosystem »»
  Effective and sustainable measures for protecting the electricity industry supply and value chains now go beyond securing individual products or systems, driving the need for an adaptation of roles and responsibilities, from procurement and design through to retirement.
  | Published: Nov 2020 | Available: Paper (en) »

• Paper - Analysis and measures to secure the digital supply chain »»
  This white paper describes the risks of the digital supply chain and identifies essential measures for the security of both routine and critical functions in industry, government, the police and the military.
  | Published: Sep 2019 | Available: Paper (en,de,fr) »

Talks

• Keynote - ISSS Berner Tagung “Sicherheitsaspekte bei IT-Beschafungen”
  Supply Chain Risks
  Bern, Dec 2019
  | Event: www.isss.ch ..
  | Slides: isss_bern_supply_chain_security_2019.pdf

• Talk - ISF Grey Chapter Meeting Zurich
  Supply Chain Security & Integrity
  Zurich, Sep 2015
  | Event: www.securityforum.org ..
  | Slides: isf_zurich_supply_chain_security_2015.pdf

• Talk - ISD Internet Security Days 2015
  Supply Chain Security & Integrity
  Brühl - Köln, Sep 2015
  | Event: www.eco.de ..