{"id":6302,"date":"2020-07-25T19:43:55","date_gmt":"2020-07-25T22:43:55","guid":{"rendered":"https:\/\/www.nachodelatorre.com.ar\/mosconi\/?p=6302"},"modified":"2020-07-25T19:43:55","modified_gmt":"2020-07-25T22:43:55","slug":"los-piratas-informaticos-ponen-en-riesgo-la-cadena-de-suministro-global","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=6302","title":{"rendered":"Hackers put the global supply chain at risk"},"content":{"rendered":"<div>\n<p align=\"justify\">Lone hackers, rogue states and cybercriminal organizations are in a position to disrupt the logistics chain. Cybersecurity is really a logistics chain problem, spanning the telecom carriers that businesses use, the hardware and software that support organizational workflow, and the cloud assets that many organizations are using today.<\/p>\n<hr \/>\n<\/div>\n<p>Lone wolf hackers, rogue nation-states and cybercrime syndicates are in a position to disrupt the global supply chain.<\/p>\n<p>\u201cCybersecurity really is a supply chain problem\u201d that encompasses the telecom carriers that are used by businesses, the hardware and software that supports organizational workflow, and the cloud assets that so many organizations are leveraging today, Richard George, former National Security Agency technical director of information assurance and current senior advisor for cybersecurity at Johns Hopkins University Applied Physics Laboratory, recently said in a speech to cybersecurity professionals.<\/p>\n<p>\u201cIt\u2019s not just the government that\u2019s a target, everybody\u2019s a target,\u201d he added.<\/p>\n<p>Part of the problem is that \u201cthere is no risk aversion\u201d for these bad actors. 
No one stands trial for their behavior while the Chinese deny their role in this activity and say, \u201cnot us, not us,\u201d George said.<\/p>\n<p>Kevin O\u2019Marah, former manufacturing and supply chain contributor to Forbes, wrote, \u201cWhere once we worried about localized mistakes or oversights upstream, now we worry about cataclysm, potentially at the hands of actors bent on destruction. The new world of supply chain risk means preparation for widespread, systemic disruption in our immediate future.\u201d<\/p>\n<p>He continued: \u201cAs with war and natural disasters, cyber threats have the potential to kick off systemic failure, meaning a sort of domino effect whereby ordinary preparedness fails to overcome infrastructure, communication and human breakdowns.\u201d<\/p>\n<p>To defend against cyber criminal intent to disrupt and \u201cown\u201d the global supply chain, George observed that corporations must be on guard, be careful of untrustworthy entities within the supply chain, ensure transparency throughout the supply chain, force strategic partners to prove their cybersecurity posture, and limit entanglement with companies\/countries that don\u2019t respect intellectual property rights.<\/p>\n<p>\u201cPeople today are putting those holes in because they want easy access to the targets, and we are the targets,\u201d said George. He noted that every aspect of the global supply chain must be put under the microscope of cybersecurity, including distribution, processes, people, reputation, manufacturing, research and development, transportation, logistics and facilities.<\/p>\n<p>Leading cybersecurity researchers are in line with what George and O\u2019Marah have said. 
In fact, Zac Rogers, assistant professor of supply chain management at Colorado State University, said, \u201cPurchasing people tend to think of cybersecurity as an information systems problem.\u201d But his research indicates that two-thirds of breaches are a result of supplier or third-party vulnerabilities.<\/p>\n<p>Soha Systems, now Akamai Technologies, reported a similar finding of 63 percent of breaches caused by third-party providers.<\/p>\n<p>Mark Carrizosa, director of information security at Akamai, said, \u201cThe results of our survey highlight the disconnect between IT priorities and the urgent need to mitigate third-party data breaches. \u2026 The survey shows enterprises have vastly underestimated the resources required to deal with such breaches, even as their need to provide secure third-party access continues to grow.\u201d<\/p>\n<p>In light of breaches connected to the vulnerable third-party suppliers of Walmart, Equifax, Apple, Target, CVS, CNN and others, Derek Brink, vice president and research fellow at the business intelligence firm Aberdeen Group, said, \u201cFor business reasons, organizations are increasingly providing third parties with access to their IT infrastructure, but IT and security leaders really need to help their business leaders understand the risks of third-party access and take steps to help manage these risks to an acceptable level.\u201d<\/p>\n<p>One of the telecom companies under scrutiny recently in relation to posing a risk to the telecom side of the supply chain is Huawei, a Chinese company closely tied to the Communist Party and government of China. As a result, U.S. politicians and intelligence agencies are cautious about the intentions, actions and products produced by the company.<\/p>\n<p>John Suffolk, Huawei\u2019s global cybersecurity and privacy officer, inadvertently showed that the problem is not as simple as software and hardware being produced by the U.S. 
economic adversary, China.<\/p>\n<p>Here are Suffolk\u2019s own words: \u201cOur [research-and-development] center for microwave is based in Milan, yet we take our compression algorithms from the world\u2019s best scientists and mathematicians in Moscow. And then we apply that to Chinese technology and manufacturing.\u201d<\/p>\n<p>Unfortunately, all along the way, there is plenty of room for bad actors to get into the game of tweaking their aspect of the supply chain to access data that isn\u2019t their own.<br \/>\nGeorge, in his address to the RSA conference in 2018, reminded the audience that nation-states are the primary malevolent actors attacking the global supply chain and that all countries spy. He went on to explain that permitting a foreign country to maintain infrastructure or supply components for U.S. systems allows them access to those systems.<\/p>\n<p>When asked about the rapid expansion of supply chain attacks, George explained that once an attack is successful, copycats easily replicate it; and as larger entities fortify their supply chains, the criminal intent moves to the next easiest target \u2014 mid-size organizations and state\/local governmental agencies.<\/p>\n<p>In researching and speaking to these supply chain cybersecurity professionals, the question was, \u201cWhat can be done about cybersecurity vulnerabilities in the supply chain?\u201d<\/p>\n<p>The answers most commonly given by these experts were that companies should design incident protocols, implement protected software update systems, narrow third-party access to systems, inspect and secure current infrastructure, insist on transparency with strategic partners, and lock in due diligence throughout the lifecycle of the organization\u2019s IT components.<\/p>\n<p>The good news for business leaders is that bad actors \u2014 even governments with billions of dollars at their disposal \u2014 are not all-powerful. 
George said their access to resources, their capability, their intent\/motive, their risk aversion, and their access to the systems they want to compromise are all, as he describes, \u201climiting factors\u201d to their harmful desires to create damage and cause chaos in the global marketplace.<\/p>\n<p>Although Huawei is under global scrutiny, Suffolk said, \u201cYou cannot bolt quality onto a product, and nor can you bolt on cybersecurity. Cybersecurity must be built into everything that you do. \u2026 Many cybersecurity threats come from the very inside. So, if you do not know what the incentives are, the disincentives, the rules and regulations, many attacks can be perpetrated by insiders.\u201d<\/p>\n<p>In today\u2019s global marketplace, the people and companies within an organization\u2019s supply chain can easily be considered to be \u201cinsiders\u201d with enough access to cause harm, he said.<\/p>\n<p>The harm that can be done through supply chain cyber attacks, however, is not limited to damage to the economy. The Defense Department is also reliant upon global supply chains. The department comprises the nation\u2019s warfighting abilities, moving more equipment, people and supplies globally than any other agency or organization. A state actor having access to this data through porous networks and cyber vulnerabilities presents a major problem.<\/p>\n<p>Speaking to the 12,000 suppliers and 24 global distribution centers that make up his purview of the defense supply chain, Army Lt. Gen. Darrell Williams, director of the Defense Logistics Agency, stated, \u201cThe technology that we are using to run that global network of warehouses that feeds into and supports all of our military services is quite old, 25 or 30 years old.\u201d<\/p>\n<p>However, there is good news. 
Progress in securing the defense supply chain is being made.<\/p>\n<p>The Government Accountability Office recently removed the Defense Department supply chain from its own internal \u201chigh risk\u201d list because of progress made within the department.<\/p>\n<p>A GAO report stated that: \u201cFrom 2014 to 2017, we identified 18 actions and outcomes DoD needed to implement in order for its supply chain management to be removed from our High-Risk List. In our 2017 High-Risk Report, we reported that DoD had made progress in addressing 11 actions and met the criteria of leadership commitment, capacity and action plan for asset visibility and materiel distribution.\u201d<\/p>\n<p>However, the department needed to take additional steps to fully implement the remaining seven actions and outcomes related to the monitoring and demonstrated progress criteria. \u201cWe are removing DoD Supply Chain Management from the High-Risk List because, since 2017, DoD has addressed the remaining two criteria (monitoring and demonstrated progress) for asset visibility and materiel distribution by addressing the seven actions and outcomes identified in our 2017 High-Risk Report,\u201d the GAO said.<\/p>\n<p>The takeaway from these professionals is that the security of global commercial and military supply chains is not something that can be bolted onto an organization and that of its suppliers.<\/p>\n<p>Cybersecurity has to be baked into the entire process for end-to-end supply chain protection.<\/p>\n<p style=\"text-align: left;\" align=\"justify\"><strong>Source:<\/strong> <em><a href=\"https:\/\/www.nationaldefensemagazine.org\/articles\/2020\/7\/2\/hackers-putting-global-supply-chain-at-risk\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.nationaldefensemagazine.org<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lone hackers, rogue states and cybercriminal organizations are in a position to 
disrupt the logistics chain. Cybersecurity is really a problem&hellip; <\/p>\n","protected":false},"author":1,"featured_media":6303,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/6302"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6302"}],"version-history":[{"count":0,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/6302\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/media\/6303"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}