"Five Principles to Help Secure Technology Supply Chains"

Factory fires were once the most common source of supply chain disruption, but the landscape has shifted as globalization has produced distributed supply chains. Logistics powered by Artificial Intelligence (AI) enable just-in-time component delivery. New threats, such as ransomware, pose new risks to manufacturers, making cyberattacks one of the most significant sources of disruption. With these new risks and threats, the new supply chain normal calls for a new approach to securing technology supply chains.

It is critical to illuminate supply chains so that organizations can see what they are purchasing and from whom. Although most businesses know who their direct suppliers are, few know who their second-tier suppliers are. The Software Bill of Materials (SBOM) initiative seeks to provide this illumination on the software side: as vendors begin requiring SBOMs from their suppliers, every software library and building block that goes into a finished product or service can be inventoried.

It is also important to be able to make risk- and threat-informed supplier decisions. For example, software that relies on an unmaintained open-source library may pose a risk. Similarly, Chinese companies' products may pose a threat. The 2023 National Defense Authorization Act (NDAA) includes language requiring the Department of Homeland Security (DHS) to only purchase software with no known vulnerabilities for critical functions. This article continues to discuss principles to help bolster the security of technology supply chains.

HSToday reports "Five Principles to Help Secure Technology Supply Chains"
