The recent alleged attack on America’s technology supply chain carried out by Chinese spies was rumored to have affected over 30 US companies, including titans such as Amazon and Apple. Supposedly, a small Chinese-made chip had been introduced onto the circuit boards of thousands of pieces of hardware used by some of the world’s largest corporations. As it was reported by Bloomberg in October 2018, the investigation held great weight; that is until it was proven false.
However, the threat raised a frightening specter of supply chain attack in a way that is very difficult for end-users to detect. Hardware vulnerability creates a set of new and sophisticated hardware vulnerabilities for businesses in the United States, large and small, and across a wide range of manufacturing industries. The report led to a rise in concerns among network security experts and organizations. It left businesses integrated with technology supply chains of critical hardware questioning whether their network hardware is trustworthy.
Common Threats to Look Out For
The chances of recovering from a supply chain attack are very slim. According to Wired.com, security experts consider this type of attack the worst-case scenario when it comes to network security. “The problem with detection is that it’s extremely impractical. Security professionals need specialized equipment and have to carefully examine several heterogeneous pieces of complex equipment. “It sounds like a nightmare, and it’s an expense that’s hard for companies to justify,” confirmed Vasilios Mavroudis, a doctoral researcher at University College London.
Supply chain hacks are the biggest threats to network security in terms of compromised hardware. However, a network must be secured on the software end, too. Common software-oriented threats to network security include:
- Breaches caused by unreliable or compromised hardware
- Malicious programs including viruses, trojan horses, spyware, malware, etc.
- DoS and DDoS attacks
- Data Theft
How To Ensure Trustworthy Network Security
Defending against cybersecurity weaknesses in a supply chain is a tough battle, though. Ramesh Karri, professor of electrical and computer engineering at the Polytechnic Institute of New York University, has developed new techniques for ensuring supply chain security. One of his techniques for ensuring an integrated circuit is reliable involves the use of odd-numbered ring oscillators placed on a circuit board. Ring oscillators produce specific frequencies that define a profile for the hardware. Hardware malware, though, alters the frequencies of infected hardware from their baseline emissions. Testers, then, are able to recognize threats emanating from hardware immediately.
Tips on Securing Network Hardware
To reduce the potential impact of compromised network hardware, be sure to secure the network on the software and operating side. The holistic approach will make it easier to isolate the source of hardware that harbors malicious circuits. A checklist of software safety measures could include:
- Keep all systems and programs up to date – Remove unwanted vulnerabilities by installing all security patches provided by original developers.
- Use strong passwords – Consider additional security solutions such as two-factor authentication.
- Secure the network with VPN – Encrypt all data related to the network and use strong VPN protocols to ensure maximum security.
- Educate your employees – People who have access to the network must be aware of potential security threats and necessary safety measures.
- Manage user access privileges – Restrict employees’ access to sensitive data and confidential files.
The increased feasibility of compromised network hardware has left many organizations concerned over network security. These kinds of threats make it difficult to determine whether putting your trust in certain hardware suppliers is a good idea. Jason Dedrick, a global information technology researcher at Syracuse University, confirmed for Wired that recovering from these types of attacks might be too difficult for some companies to handle.
“As for cleaning up the mess, that would require looking at the whole value chain, from design through manufacturing, and carefully monitoring every step. It might not be so hard to move the motherboard assembly out of China. The bigger issue is how to control the design process so that there isn’t space for a counterfeit chip to be inserted and actually function,” he said.
Network cybersecurity just moved to a whole new level of sophistication. Network administrators now need to stay abreast of developments in the hardware supply chains of their critical systems.