In this episode of the podcast (#167): two stories this week – one from Pittsburgh and one from New York – have highlighted anxiety about Chinese made cameras and other security gear deployed in U.S. government agencies and in cities and towns. We’re joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks are real -and growing.
From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military
A complaint unsealed by the Department of Justice on Thursday alleges a New York firm engineered a years-long scheme to deceive the U.S. government: selling Chinese manufactured cameras and other gear to the U.S. Military, the Department of Energy and other government agencies that it claimed were “Made in the U.S.A”.
Third party cyber risk is a growing concern for organizations, as breaches and hacks tied to third party providers and applications multiply. How do you know if your third party cyber risk management program is up to the task? Our new e-book, sponsored by CyberGRX, will help you figure it out!
Supply chain hacks like ME Docs and ASUS aren’t inevitable. In this Spotlight Podcast, sponsored by Trusted Computing Group, I speak with Dennis Mattoon, a Principal Researcher at Microsoft Research and the Chairman of the Trusted Computing Group’s DICE Architectures Working Group* about how strong device identities for IoT endpoints can stop supply chain compromises.
The compromise of device maker Asus Live Update Utility is just the latest evidence that sophisticated attackers have software supply chains in the crosshairs.