ICT Supply-Chain Security

The Carnegie Endowment for Peace published a comprehensive report on ICT (information and communication technologies) supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know.

Posted on October 29, 2019 at 6:09 AM • 9 Comments

Comments

Chris October 29, 2019 2:17 PM

@tds, agreed. Those nations which at one time supported fundamental liberties and personal privacy are leaning towards revoking those rights in order to address concerns of criminal behavior, yet in doing so are giving in to terrorists. Leaders are responding in fear, rather than reaffirm and uphold those freedoms which the terrorists seek to eliminate. If it is rooted in our choice of elected officials, then this outcome is by the people, for the people, in fear we distrust, surrendering.

Henry October 29, 2019 3:10 PM

@Chris

No, leaders are not "responding in fear"... Leaders are incentivized to purposefully heighten the fear of their "underlings" so that they'll be allowed to grab more power... My point is, leaders themselves aren't afraid, they're relishing a sweet opportunity that comes about by causing others to fear...

Am I being too cynical? The general populace should be more wary of leaders with too much power, than they are of so-called terrorists. Leadership with too much power equates to total breakdown of society. A few more criminals running around is actually far less dangerous.

Ismar October 29, 2019 11:53 PM

As a supply chain is almost always comprised of products made in a range of jurisdictions (different countries), would it not be beneficial to all to have some sort of open standards / protocols in place used to check no back doors are installed at any stage of the process?
I even volunteer to preside over an international body created with this purpose in mind 😉 and have products certified as backdoor free 😀

0Laf October 30, 2019 5:07 AM

I've only read the exec summary and the table but unfortunately this is geared very much at national level procurements. It can be argued that more procurements and greater exposure is seen at subnational level. We're still dealing with very large companies but without the power to drive change. Forgetting targeted infiltration of suppliers, we're still seeing regular and massive failure of basic principles of information security.

In the last few months I've had to deal with companies with billions in turnover who don't understand that logging needs to be encrypted across the internet, that health information is covered by the GDPR, fighting to have basic patches applied, a company that claimed to have an extensive security policy set then admitted they were all in Spanish and couldn't be read. Many companies developing "additional security" on discredited models (because they're cheaper than doing it right). It's incredibly frustrating.

Clive Robinson October 30, 2019 6:37 AM

@ Henry

Leadership with too much power equates to total breakdown of society. A few more criminals running around is actually far less dangerous.

Yes unfortunately the way...

Our host @Bruce did some figures on 9/11 comparing deaths on the day, to subsequent deaths it caused in various ways such as the hassle of checkin and such causing people to drive rather than fly and just how much more dangerous it is. Whilst the 37,461 road accident deaths in 2016 are not all directly related to "drive rather than fly" quite a few will be.

In the two decades since 9/11 a number of statistics show a change in trend to the worse for society. Other US legislation may be in part responsible for these, but our host has indicated in the past that whilst it is security in the larger sense of society. What I will say is that as far as I can see the "War on terrorism", like the "War on drugs" that started a couple of decades before that, has been very useful in making any number of hypothetical "bogeymen" reasons to cause legislators to vote for such laws that degrade society and the individual citizen.

The trick is "invent an omnipotent bogeyman" then describe hypothetically what the bogeyman can do. Use this to stir up FUD with the usual "think of the children" type spin. Then tell politicians that if they vote against such legislation then everyone will know they are a bogeyman lover...

Usually that is enough, but when things start returning to rationality the FBI can always be counted on to parade some "ethnic minority" face into the MSM claiming they were going to blow up New York Financial District or some such. Big headlines, much banging of drums and waving of flags, political speeches, "the whole nine yards" as they say[1]. Then eventually it comes out that this mastermind is anything but; he --though that now appears to be changing to she-- all too often turns out to be someone of below average IQ who is at or below the effective poverty line or certainly at the bottom of society. You then find out that someone "befriended" the person and basically groomed the person before setting them up in some way... Some call these sorts of behaviours "fundraisers" because they can be held under the noses of politicians on appropriation committees to get the purse strings loosened in their favour. The fact it also works for more profitable legislation is what we are currently seeing with political appointee Barr.

[1] The expression "The whole nine yards" is often said to be an American riddle in its origin. As some point out, it came from WWI where a machinegun ammunition belt was nine yards long, hence it meant "give the enemy everything we've got" when they got too close. Others say it's to do with cloth. When you cut a length of cloth the free piece you have cut off is known as the "lie" and a tailor needed nine yards of cloth to make a striped business suit. Thus it means a person wearing such a suit, as politicians invariably did, is telling lies. Further others claim the traditional Scottish kilt, the feileadh-mhor of old which served as outer clothing and blanket for sleeping[2], contained at least nine yards of cloth; whilst it might just have for some people of sufficient doorway filling presence, history shows that orders for military kilts were for about six and a half yards.

[2] In my family, there is a story about our ancestors being lowland cattle thieves and that one night on coming back from a successful raid, the leader caught one of his sons bedding down using a mound of snow as a pillow... Apparently his father was so incensed about the cissy he had raised he kicked him to death, and left his body for the wildlife. Probably not an iota of truth in it, but if you are told this when young, it might serve to stiffen your spine or make you run away, I'm not sure which ;-)
