3rd Party Risk Management , Critical Infrastructure Security , Cybercrime

To Repel Supply Chain Attacks, Better Incentives Needed

Aging Protocols in Desperate Need of Overhaul, Says Security Expert Karsten Nohl
To Repel Supply Chain Attacks, Better Incentives Needed

The five-year data breach recently disclosed by Tampa, Florida-based Syniverse revealed yet another criminal or nation-state hack attack targeting a key supplier.

But with most of the world's top mobile carriers relying on Syniverse to route their text messages, it's no wonder the company got targeted, says German cryptography and mobile telephony security expert Karsten Nohl.

"I'm not surprised that we heavily rely on a few technology providers to provide services across large ecosystems. We do that privately too, right? We all gravitate towards the same platforms for network effects," Nohl says.

"I'm also not surprised that criminal hackers would go after these critical points in infrastructure. The lesser known the better, because then there's less attention, there's less security scrutiny from the public and the customers," he adds. "So all of this comes down to supply chain security, where it's been learned time and time again … that more often, you suffer damage by one of your suppliers getting hacked than you yourself getting hacked, because of the multiplier effect."

In other words, if by hacking a key supplier such as SolarWinds, Kaseya or Syniverse, an attacker can successfully subvert not one company, but perhaps dozens or thousands, then the odds are they're going to target the supplier.

In this audio interview with Information Security Media Group (click on player beneath image to listen), Nohl discusses:

  • How technology and communications businesses in particular must rethink their risk calculus, especially surrounding supply chains;
  • The security risk posed by - and potential mitigations for - such outdated protocols as Border Gateway Protocol, Signaling System #7 and transmitting text messages;
  • The need to incentivize the right group of stakeholders to overhaul and maintain old networking and communications protocols that underpin today's top services.

Nohl is the founder and chief scientist at Berlin-based Security Research Labs. He's previously served as an interim CISO at both Axiata and Jio, as well as a senior associate at McKinsey & Company.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.