Secure Provenance

Controlling access to the data and processing within any facility is a core task, and for some it is 100% mission critical.

Unfortunately, talking about ‘known and unknown threats’ can make you sound like a conspiracy-theorist-prepper. However, the issues are real and confront data-center teams every day.

“According to a Dept. of Commerce survey, 39% of organizations encountered counterfeit electronics in a four-year period, and the number is increasing.”
– Defense Industrial Base Assessment: Counterfeit Electronics. Dept of Commerce

 

“In 2016, the US Dept. of Defense and DHS warned against the use of Lenovo equipment due to concerns over cyber-spying.”

– J-2 Intelligence Directorate Report, 2016

39%

According to a Dept. of Commerce survey, 39% of organizations encountered counterfeit electronics in a four-year period, and the number is increasing.

Icon of a security Camera

In 2016, the US Dept. of Defense and DHS warned against the use of Lenovo equipment due to concerns over cyber-spying.

Antagonists love hardware

Historically software has been the preferred vehicle for antagonists, but in recent years there is a demonstrable trend toward appliances and firmware as the breaches here create opportunities that may go unnoticed for years.

Everybody’s doing it

There is a relentless stream of players seeking unauthorised access, from rogue individuals to nation states and their instruments, including ‘friendly fire’. Public discourse in the media seldom reveals these complexities.

Manufacturers are exposed

Consider that just one appliance from any major IT brand can have numerous sub- manufacturers, each using components from a multitude of international suppliers. Then consider that every stage; from design through component supply, manufacturing, coding and assembly, presents opportunities for tampering.

Bigger than most will say

The hardware and firmware risk is bigger than is generally acknowledged, as announcing breaches has wide ranging implications for those affected, and so many events are managed discreetly. Those of you who work in defence, intelligence or insurance, will know how deep the problem is.