Supply chain attacks are on the rise. The success of a business is undoubtedly linked to its supply chain. Yet, because of this, an organization is only as strong as its weakest link.
According to GAO-18-667T, reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system’s development life cycle and could create an unacceptable risk to federal agencies.
These threats can have a range of impacts, including allowing adversaries to take control of systems or decreasing the availability of materials needed to develop systems. These threats can be introduced by exploiting vulnerabilities that could exist at multiple points in the supply chain.
Supply Chain Cybersecurity Vulnerabilities
Examples of such supply chain vulnerabilities include the acquisition of products or parts from unauthorized distributors, inadequate testing of software updates and patches, and incomplete information on IT suppliers.
Malicious actors could exploit these vulnerabilities, leading to the loss of the confidentiality, integrity, or availability of federal systems and the information they contain. Today, organizations have a greater choice of suppliers and have become more reliant on third parties. This, however, also means that the supply chain has become a more complex web of interdependent companies that might not even be aware that they are connected. As a result, it is impossible to cover the entire supply chain. Additionally, technology is becoming an essential tool for all supply chain operations. Combined, these factors have precipitated an inadvertent expansion of vulnerabilities within supply chain cybersecurity.
Various actors might target an organization’s supply chain, and with them come numerous motives behind an attack: an individual looking to gain financial benefits, or a nation-state or state-sponsored actor seeking to sabotage an adversary by conducting espionage.
In a supply chain attack, it is typically the hardware that is tampered with. Devices can be compromised at any point throughout the supply chain, and a Rogue Device, such as a BadUSB, can be delivered by a supplier to the end user. Moreover, due to the interconnections of the involved organizations, suppliers often have access to a target’s sensitive information.
Supply Chain Attacks Environments
When the target has high security measures and the attacker finds it nearly impossible to gain an onsite presence, they may find it more attainable to attack a third party with fewer security measures. As mentioned, supply chains are becoming increasingly complex, which makes detecting an attack, and its origin, extremely difficult. In many respects, supply chain attacks represent the “Holy Grail” of hardware-based attacks. Additionally, implants can be microscopic and can easily go unnoticed by the human eye, avoiding any suspicion as to the device’s true intentions.
Because they sit on the physical layer, implants are not detected by cybersecurity software solutions either. Furthermore, Spoofed Peripherals might be authorized as a genuine HID, thereby not raising any security alarms. Ultimately, there are plentiful benefits that make attacking the supply chain favorable for bad actors.
IT and security teams in the energy sector often struggle to provide complete and accurate protection of their hardware assets, especially in today’s extremely challenging IT/OT/IoT environment. This is because there is often a lack of device visibility, which leads to weakened policy enforcement of hardware access. This vulnerability may result in security incidents such as ransomware attacks and data leakage. To address this challenge, ultimate visibility into your hardware assets is required, regardless of device characteristics and the interface used for connection. Moreover, malicious actors have adapted to the dynamic cybersecurity defenses deployed to block cyber-attacks by taking advantage of the “blind spots”, mainly through BadUSB HID-emulating devices or Physical Layer network implants. These Rogue Devices are covert by nature and go undetected by existing security software solutions, thereby leaving the organization extremely vulnerable.
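The blind spot described above, shown as an added example that is not part of the original article and is not Sepio's code: a descriptor-based USB allowlist evaluated over a constructed inventory. The vendor/product IDs, port names, and the `evaluate` and `duplicate_identities` helpers are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

HID, MASS_STORAGE = 0x03, 0x08  # USB base class codes

@dataclass(frozen=True)
class UsbDevice:
    port: str
    vid: int
    pid: int
    interface_classes: tuple

# Hypothetical policy: approved (VID, PID) -> interface classes that model may expose.
ALLOWLIST = {
    (0x1111, 0x0001): {HID},           # approved keyboard (constructed IDs)
    (0x2222, 0x0002): {MASS_STORAGE},  # approved flash drive (constructed IDs)
}

# Constructed inventory for one host; every field is self-reported by the device.
INVENTORY = [
    UsbDevice("1-1", 0x1111, 0x0001, (HID,)),               # genuine keyboard
    UsbDevice("1-2", 0x2222, 0x0002, (MASS_STORAGE, HID)),  # storage that also types
    UsbDevice("1-3", 0x3333, 0x0003, (HID,)),               # not on the allowlist
    UsbDevice("1-4", 0x1111, 0x0001, (HID,)),               # copies the keyboard's IDs
]

def evaluate(dev):
    """Return the policy verdict for one device, based on descriptors only."""
    allowed = ALLOWLIST.get((dev.vid, dev.pid))
    if allowed is None:
        return "block: unknown vid/pid"
    extra = sorted(set(dev.interface_classes) - allowed)
    if extra:
        return "block: unexpected interface class " + ",".join(f"0x{c:02x}" for c in extra)
    return "allow"

def duplicate_identities(devices):
    """Ports sharing one approved identity; a second 'same' keyboard merits review."""
    counts = Counter((d.vid, d.pid) for d in devices)
    return [d.port for d in devices if counts[(d.vid, d.pid)] > 1]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev.port, evaluate(dev))
    print("review ports:", duplicate_identities(INVENTORY))
```

The device on port 1-4 is allowed because the policy can only compare identifiers the device itself reports; only the duplicate-identity heuristic surfaces it, and then only while the genuine keyboard is also attached.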
See Every Known and Shadow Asset. Prioritize and Mitigate Risks
Sepio’s platform (HAC-1) provides a panacea for the gap in device visibility. As the leader in Rogue Device Mitigation, Sepio’s solution identifies, detects and handles all peripherals. No device goes unmanaged. Sepio uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints.
In doing so, Sepio is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure. In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, Sepio automatically instigates a mitigation process which instantly blocks unapproved or Rogue hardware.