This presentation is about the important but largely overlooked fact that we must assume that critical components of our infrastructure are already compromised, from applications and operating systems down the everyday devices, their firmware, hardware and individual chips. We have come to rely on a complex chain of suppliers for hardware and software, a supply chain which can no longer be fully controlled. On top, the revelations by Snowden have demonstrated that hardware and software can be compromised and backdoored with or without the consent or knowledge of the supplier. This presentation examines the supply chain risks and remediating measures from the attackers, defenders, technology, and economic perspective. This latest disruptive innovation is not the first to prompt critical questions regarding security and safety, there are effective lessons from history to inform us for the future.
June 12, 2019, ISSS Tagung