Supply chain attacks are on the rise. The success of a business is undoubtedly linked to its supply chain, yet, because of this, an organization is only as strong as its weakest link. According to GAO-18-667T, reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system’s development life cycle and could create an unacceptable risk to federal agencies. These threats can have a range of impacts, including allowing adversaries to take control of systems or decreasing the availability of materials needed to develop systems, and they can be introduced by exploiting vulnerabilities that may exist at multiple points in the supply chain.
Examples of such vulnerabilities include the acquisition of products or parts from unauthorized distributors; inadequate testing of software updates and patches; and incomplete information on IT suppliers. Malicious actors could exploit these vulnerabilities, leading to the loss of the confidentiality, integrity, or availability of federal systems and the information they contain. Today, organizations have a greater choice of suppliers and have become more reliant on third parties. This, however, also means that the supply chain has become a more complex web of interdependent companies that may not even be aware that they are connected. As a result, it is practically impossible for any one organization to secure the entire supply chain. Additionally, technology is becoming an essential tool in the supply chain for all operations. These factors, on their own but even more so when combined, have precipitated an inadvertent expansion of vulnerabilities within supply chains, especially with regard to cyberattacks.
There are various actors who might target an organization’s supply chain, and with them come numerous motives behind an attack: an individual looking to gain financial benefits, or a nation-state or state-sponsored actor seeking to sabotage an adversary by conducting espionage. When the supply chain is attacked, it is typically the hardware (though not exclusively, and especially where hardware components include built-in firmware) that is tampered with. Devices can be compromised at any point throughout the supply chain, and a Rogue Device can then be delivered by a supplier to the end user. Moreover, due to the interconnectedness of the involved organizations, suppliers often have access to a target’s sensitive information.
When the target, such as a government agency, is highly secured and gaining an onsite presence is almost impossible for an attacker, it is more attainable to attack a third party with fewer security measures in place, since confidential data can still likely be accessed through it. As mentioned, supply chains are becoming increasingly complex, which makes detecting an attack, and its origin, extremely difficult; in many respects supply chain attacks represent the “Holy Grail” of hardware-based attacks. Additionally, implants can be microscopic and can easily go unnoticed by the human eye, avoiding any suspicion as to the device’s true intentions. Sitting on the physical layer (layer 1), implants are not detected by security software solutions either. Furthermore, Spoofed Peripherals might be authorized as genuine HIDs, thereby not raising any security alarms. Ultimately, there are plentiful benefits that make attacking the supply chain favorable for bad actors.
IT and security teams in the energy sector often struggle to provide complete and accurate protection of their hardware assets, especially in today’s extremely challenging IT/OT/IoT environment. This is because there is often a lack of device visibility, which leads to weakened policy enforcement of hardware access. This weakness may result in security incidents such as ransomware attacks, data leakage, and so on. To address this challenge, ultimate visibility into your Hardware assets is required, regardless of device characteristics and the interface used for connection. Moreover, malicious actors have adapted to the dynamic cybersecurity defenses deployed to block cyberattacks by taking advantage of the “blind spots”, mainly through USB HID-emulating devices or Physical Layer network implants. These Rogue Devices are covert by nature and go undetected by existing security software solutions, thereby leaving the organization extremely vulnerable.
Sepio has developed the Hardware Access Control (HAC-1) solution to address the gap in device visibility. As the leader in Rogue Device Mitigation, Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged. HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints. In doing so, HAC-1 is able to provide organizations with ultimate device visibility and to detect vulnerable devices and switches within the infrastructure. In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process which instantly blocks unapproved or Rogue hardware.
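A minimal model of the fingerprint-plus-policy workflow described above, as an added example that is not Sepio's or HAC-1's own code: the device records, the vendor/product IDs and the `phy_profile` field (a stand-in for measured physical-layer characteristics) are constructed for illustration. It shows why a fingerprint that includes physical characteristics catches a peripheral that merely copies an approved device's USB identifiers, and how a strict policy and a granular per-class policy decide differently on the same unknown device.

```python
"""Illustrative hardware-access policy engine (added example, not Sepio's HAC-1 code).
Fingerprint a device from its observable characteristics, compare against a known-good
list, then apply strict (block unknown) or granular per-class rules. All data is constructed."""
from dataclasses import dataclass
import hashlib

@dataclass(frozen=True)
class Device:
    interface: str     # "usb" or "ethernet"
    vendor_id: str     # constructed hex IDs, not real vendor assignments
    product_id: str
    device_class: str  # e.g. "HID", "MassStorage", "NIC"
    phy_profile: str   # constructed stand-in for electrical/physical-layer measurements

def fingerprint(dev: Device) -> str:
    """Hash every characteristic: a spoofed VID/PID presented with a different
    physical profile yields a different fingerprint and will not match."""
    material = "|".join((dev.interface, dev.vendor_id, dev.product_id,
                         dev.device_class, dev.phy_profile))
    return hashlib.sha256(material.encode()).hexdigest()[:16]

@dataclass
class Policy:
    known_good: frozenset                      # fingerprints of approved devices
    strict: bool = True                        # strict: block anything unknown
    blocked_classes: frozenset = frozenset()   # granular: classes never allowed
    alert_classes: frozenset = frozenset()     # granular: unknown devices to alert on

def evaluate(policy: Policy, dev: Device) -> str:
    """Return 'allow', 'alert' or 'block' for one connected device."""
    if fingerprint(dev) in policy.known_good:
        return "allow"
    if policy.strict or dev.device_class in policy.blocked_classes:
        return "block"
    if dev.device_class in policy.alert_classes:
        return "alert"
    return "allow"

# Constructed sample: an approved keyboard, and a device presenting the same VID/PID
# and HID class but a different physical profile (a spoofed peripheral).
APPROVED_KEYBOARD = Device("usb", "1234", "0001", "HID", "phy-A")
SPOOFED_HID = Device("usb", "1234", "0001", "HID", "phy-Z")
STRICT_POLICY = Policy(known_good=frozenset({fingerprint(APPROVED_KEYBOARD)}))
GRANULAR_POLICY = Policy(known_good=STRICT_POLICY.known_good, strict=False,
                         blocked_classes=frozenset({"MassStorage"}),
                         alert_classes=frozenset({"HID"}))

if __name__ == "__main__":
    for dev in (APPROVED_KEYBOARD, SPOOFED_HID):
        print(dev.phy_profile, evaluate(STRICT_POLICY, dev), evaluate(GRANULAR_POLICY, dev))
```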