Infiltrating the defense supply chain is one of the most insidious means by which attackers can compromise our nation’s communications and weapons systems. Successfully targeting a single component of the defense industrial base can cause a ripple effect that can significantly impact everything from data centers to war fighters in theater.
The Department of Defense’s new “Deliver Uncompromised” security initiative is designed to tackle this problem at its root cause: third-party suppliers. In essence, the DoD is requiring its suppliers to bake security into their applications from the beginning of the production process. A “good enough” approach that just clears the bar for minimal security criteria is no longer good enough. Security must be ingrained in the very fabric of the entire production process.
Security starts with people
The process starts with people. They are responsible for ensuring that the solutions that comprise the supply chain work as designed and are inherently secure. They work closely with highly sensitive and proprietary information that is attractive to enterprising hackers. They are the first line of defense.
Unfortunately, those same factors make people the most attractive attack vector. When a malicious actor wants to gain access to a component or system, it’s often easier to just steal someone’s credentials than it is to try and find their way around a firewall. Obtaining a simple password is often enough to gain access to a critical system that can then be compromised, or information that can be exploited.