Supply chain key to comprehensive security, says Cisco

A comprehensive security strategy must include the supply chain to deliver the integrity customers demand, according to Edna Conway, chief security strategist at Cisco Systems.

“Cisco sees the supply chain as a critical differentiator,” she told the Security Development Conference 2013 in San Francisco.

Consequently, the company is focused on driving a comprehensive way of thinking about security across the supply chain, starting with the developer community.

“The supply chain is a critical element of a secure network and if software developers fail to get it right then we all fail,” said Conway.

She appealed to the developer community to think about things such as anti-counterfeiting measures, traceability as a key element of design, and use of secure boot technologies.

“We need you, we are on the same team, and this is a great time to be in security,” she said.

According to Conway, never before has there been a time when security was in a position to make a bigger difference to economic growth for government and business.

However, she said not all players understand that for most products, particularly for commercial off-the-shelf software, the supply chain is global, and there is no going back.

There is a need to think globally, yet many regulators, legislators and industry groups are still drawing up their own closed sets of regulations, rules and laws that can only lead to balkanisation, said Conway.

Since 2011, she has been working to establish a trustworthy network at Cisco through focusing on trustworthiness in hardware and software supported by third-party certifications.

“Supply chain security as the foundation of security is what customers have come to expect,” she said.

Conway has sought to build this capability through driving security technology across the supply chain, seeking to influence key internal and external security policy, and monitoring supply chain partner adherence to security practices.

“I believe if supply chain partners focus on just four areas, a foundational level of security can be established,” she said.

These four areas are:

  1. Malicious modifications or substitutions of technology;
  2. Counterfeit products;
  3. Security in times of supply chain disruption;
  4. Misuse of intellectual property.
