Recently, CRC Press published Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration. In it, ThreatWarrior’s founder and CTO, Pete Slade, authored an essay along with Institute for Critical Infrastructure Technology (ICIT) Fellow Dave Summitt discussing the importance of digital supply chain protection and how it affects both public and private sector organizations.
Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help United States executive administration, legislators, & critical infrastructure decision-makers prioritize cybersecurity, combat emerging threats, and craft meaningful policy, embrace modernization, and critically evaluate nascent technologies.
The book is divided into 18 chapters that are focused on the critical infrastructure sectors identified in the 2013 National Infrastructure Protection Plan (NIPP), election security, and the security of local and state governments. Each chapter features viewpoints from an assortment of former government leaders, C-level executives, academics, and other cybersecurity thought leaders.
The Guide is a collaborative effort of authors who are Fellows at the Institute for Critical Infrastructure Technology (ICIT) and published by CRC Press.
Protect Your Digital Supply Chain
Traditionally, the supply chain refers to every component involved in the delivery of a product; from production to distribution and everything along the way that affects the end consumer from receiving it.
However, the world runs on software now. From the computers we use at work, to our personal mobile devices, connected homes and IoT — we’re powered by code. The digital supply chain is anything that touches that code from development to production and updates and enhancements. It includes version releases, known vulnerabilities and security controls. It even includes other software running on the same infrastructure the applications are running on.
This means that digital supply chain risks are inherited from an organization’s dependencies, which are pervasive. The digital supply chain runs the entire technology stack from code embedded in hardware all the way up to software packages used to develop a user interface. Any of these software dependencies can be used to leverage an attack, and bad actors will always attempt to compromise the weakest link in the security ecosystem. Because our global ecosystem is completely intertwined, exploiting a common connection is a dangerously effective (and economic, for the hackers) way to victimize a large group at once.
One example of this type of attack which garnered wide-spread media attention was the SolarWinds breach discovered in 2020, whereby hackers leveraged an auto-update function that allowed them to insert malicious code into updates that were sent to all SolarWinds Orion users. The SolarWinds breach extended far beyond the commercial sector, compromising several US government agencies, including the US Departments of Homeland Security, Commerce, and Treasury.
This is only one cautionary tale. Cyberwarfare techniques advance daily, and defense must be at the forefront of our national security agenda.
A Look Inside the Guide
In their essay, Slade and Summitt discuss digital supply chain security implications on national security, what it means for all organizations to reexamine trust, inherent problems in software development that have led to the exploitation of the digital supply chain, and much more.
They provide tangible recommendations on how organizations can bolster their security efforts to defend against this type of attack, including:
- How network detection and response (NDR) solutions can combat these sophisticated attacks
- The importance of gaining full-network visibility
- How organizations must begin looking into proactive threat hunting capabilities
- Constantly reassessing risk from all third parties and not falling victim to the myth of “trust”
Get Your Copy
To learn more about Securing the Nation’s Critical Infrastructures: A Guide for the 2021-2025 Administration and how to purchase your copy, visit ICIT’s website here.