CISOs’ role in identifying tech components and managing supply chains
2024-01-25 05:00

In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility.

Auditing a hardware supply chain is exponentially more difficult, as vendors may or may not choose to disclose what their underlying operating systems are, what open source software they use, where they source the hardware components of their devices, and what firmware runs both the device itself and its subcomponents. For example, a router may run a Linux distribution, with an open source routing daemon, a motherboard from Supermicro, with high-speed NICs from Mellanox, a baseboard management controller from ASPEED with BMC code from AMI which itself is another version of Linux with its own SBOM.

With the apparent disconnect between security and development teams in software supply chain security, what strategies do you recommend to enhance collaboration?

How should CISOs adapt their supply chain security strategies to new global cybersecurity regulations and standards?

Supply chain security is a relatively new concept that organizations may have put on the back burner due to the relentless barrage of vulnerabilities, zero-day exploit campaigns, ransomware, and the challenges of working in both a COVID and post-COVID world.

As organizations rapidly adopt digital services, what measures do you recommend to ensure that the speed of deployment does not compromise supply chain security?

As AI and machine learning become more prevalent in cybersecurity, what are the implications for supply chain security, and how can CISOs leverage these technologies effectively?


News URL

https://www.helpnetsecurity.com/2024/01/25/nate-warfield-eclypsium-cisos-supply-chain-security-strategy/