Swiss Cyber Think Tank | Cyber Risk & Insurability at Roche Diagnostics, Rotkreuz, Feb 2019


Cyber risks are abstract, have developed slowly and, consequently, were ignored for a long time. Digital products increasingly pervade every area of life, and it is difficult to allocate resources to protect against abstract risks. These are often recognized only once a major event has occurred. This presentation is about the important but largely overlooked fact that we must assume that critical components of our infrastructure are already compromised, from applications and operating systems down to everyday devices, their firmware, hardware and individual chips. We have come to rely on a complex chain of suppliers for hardware and software, a supply chain which can no longer be fully controlled.

On top of that, the revelations by Snowden have demonstrated that hardware and software can be compromised and backdoored with or without the consent or knowledge of the supplier. This presentation examines supply chain risks and remediating measures from the attacker's, defender's, technological, and economic perspectives. This latest disruptive innovation is not the first to prompt critical questions regarding security and safety; there are effective lessons from history to inform us for the future.
As a society and industry, we are obligated to prevent known and avoidable mistakes.