Supply chain, Governance, Risk and Compliance, Critical Infrastructure Security

Better hardware supply chain risk evaluations sought by new CISA framework

SiliconAngle reports that mounting cybersecurity threats against the hardware supply chain have prompted the Cybersecurity and Infrastructure Security Agency to unveil a new framework aimed at bolstering risk assessment and mitigation in the supply chain. Several components have been integrated into the Hardware Bill of Materials Framework for Supply Chain Risk Management developed by the Information and Communications Technology Supply Chain Risk Management Task Force, including one that details possible use cases for HBOMs depending on the evaluated risk, a format for maintaining consistency in HBOM production and utilization, and a data field taxonomy that offers input and component attributes in HBOMs. "This methodology gives organizations a useful tool to evaluate supply chain risks with a consistent and predictable structure for a variety of use cases," said ICT SCRM Task Force co-chair John Miller. Cybersecurity experts have expressed support for the new framework, with HackerOne Lead Security Technologist Kayla Underkoffler noting the additional transparency offered by the framework.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.