Purpose

The Adaptive Security Answer to the “Supply Chain Problem”

By

This article is Part 1 of a 2 Part Supply Chain Cyber Series. Part 2 will be posted to uncomn.com/news in August.

 

Recent accounts of supply chain attacks have derailed our faith in the trust relationships that built the digital infrastructure surrounding every plane of our existence.

The Kaseya Ransomware attack that caught thousands of organizations unprepared over the 4th of July weekend was one of the biggest cyber-attacks in history. These attacks always have a deep impact that seems to trigger an emotional response, as we all can relate to the feeling you get when someone you trust proves untrustworthy.

The problem with supply chain attacks is that the apparent attacker is an unsuspecting ally who has no idea that they are delivering the attack. They are an unsuspecting victim of a previously undetected compromise, and only afterwards are they made aware of the harm to themselves and the devastation they delivered to trusted partners. That multi-level connection creates critical business impacts on both sides of the supply chain. The suppliers now fruitlessly overcompensate for the potential risk they bring to their customers, and the customers become overly guarded about depending on the vendor relationships they need in order to operate. The problem has crippled our ability to efficiently satisfy the supply and demand infrastructure that our society has been built upon.

What is a supply chain attack?

In a traditional cyberattack, the adversary is a malicious actor who knowingly targets a victim by attacking an identified weakness in the security infrastructure, creating a “risk of exploit”. A supply chain attack, by contrast, is an attack on an organization's internal infrastructure that is carried out through a trusted partnership. That partnership delivers the exploit inside otherwise non-threatening software, vendor-supplied patches and upgrades, or third-party IT support services. The attack method consists of introducing the malicious content into the digital artifact that the supplier delivers as part of the transaction.

Some recent examples include both the attack against SolarWinds, and the Kaseya Ransomware incident. In those examples, the exploit contents were concealed in software update packages that the victim inherently trusted as they came from trusted vendors via regular system updates.

Even trusted connections can deliver ransomware to your systems. Adaptive security approaches help protect you by constantly analyzing and evolving your security practices.

The supply chain entities were unsuspecting of any malicious exploit hidden in their delivery, and the victim organization attributed a reduced risk of compromise to the transaction given the trusted relationship and countless previously secure deliveries. In both cases, the introducing entity and the receiving victim were both affected by the attack.

How do you defend against a supply chain attack?

Hopefully, we are all educated to some degree on safe cybersecurity practices: maintaining compliance with industry regulations, educating our users about detecting and reporting phishing emails, protecting usernames and passwords, and so on. Now we introduce the concept of not trusting digital entities that we have always regarded as trusted allies. How do we realign the concept of cybersecurity without overwhelming our users' ability to remain vigilant while still maintaining operational efficiency?


The benefits of adaptive security in supply chain attacks

An adaptive security solution has the components needed to defend against a supply chain attack. The “trust and risk” problem identified as the core component of a supply chain attack is decoupled in an adaptive security approach: trust in a partner is no longer taken as a reason to lower the assessed risk of what that partner delivers. The foundations of adaptive security, which treat risk, trust, and security as a constant and evolving progression, can detect anomalies in a supply chain software patch and react to indicators of attack.

A successful adaptive security architecture will incorporate security components that layer prediction, prevention, detection, and response when defending against a supply chain attack. The adaptive model therefore provides a solution that eliminates the traditional boundary mentality, which separates the outside as “bad” and all things inside as “good”. We have all seen good things turn sour, and when the good thing happens to be a supply chain element, a boundary-based model places no risk control at the point where the attack actually ensues.
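The prevention and detection layers described above come down to one concrete practice: treating a vendor update as untrusted input, however trusted the channel it arrived through. The following is an added illustrative example, not code from the article or from any vendor product. It gates a constructed update package against a manifest obtained out-of-band; the package contents, file names and the `MANIFEST_KEY` are all made up for the demo, and the HMAC stands in for the asymmetric signature a real vendor would publish.

```python
"""Gate a vendor update package before it is allowed to run.

Added example: every package, manifest value and key below is constructed
for illustration and does not correspond to any real vendor artifact.
"""
import hashlib
import hmac

# Constructed vendor update: file name -> file bytes (legitimate build).
GOOD_UPDATE = {
    "agent.bin": b"\x7fELF legitimate agent build 2.1",
    "config.ini": b"[agent]\nserver=updates.example-vendor.invalid\n",
}

# Same update with a tampered binary and an extra, unlisted file
# (constructed; stands in for a build altered somewhere in the chain).
TAMPERED_UPDATE = {
    "agent.bin": b"\x7fELF legitimate agent build 2.1 + injected payload",
    "config.ini": GOOD_UPDATE["config.ini"],
    "helper.dll": b"MZ file the manifest never listed",
}

# Hypothetical key exchanged with the vendor out-of-band. An HMAC is used here
# only so the example runs on the standard library; a real manifest would
# carry the vendor's asymmetric signature instead.
MANIFEST_KEY = b"constructed-demo-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(files: dict) -> bytes:
    """Deterministic byte form of the file list so both sides MAC the same thing."""
    return "\n".join(f"{name} {digest}" for name, digest in sorted(files.items())).encode()


def build_manifest(package: dict, key: bytes = MANIFEST_KEY) -> dict:
    """Vendor side: record the hash of every shipped file and authenticate the list."""
    files = {name: sha256_hex(data) for name, data in package.items()}
    return {"files": files, "mac": hmac.new(key, _canonical(files), "sha256").hexdigest()}


def verify_update(package: dict, manifest: dict, key: bytes = MANIFEST_KEY):
    """Receiver side: return (accepted, findings).

    The channel the package came over is ignored entirely; acceptance rests
    on the authenticated manifest and on the package matching it exactly.
    """
    findings = []
    expected_mac = hmac.new(key, _canonical(manifest["files"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        # Prevention layer: a manifest we cannot authenticate proves nothing.
        findings.append("manifest authentication failed")
        return False, findings
    for name, digest in sorted(manifest["files"].items()):
        if name not in package:
            findings.append(f"missing file: {name}")
        elif sha256_hex(package[name]) != digest:
            findings.append(f"hash mismatch: {name}")
    # Detection layer: anything the vendor did not declare is an anomaly,
    # even if every declared file checks out.
    for name in sorted(package):
        if name not in manifest["files"]:
            findings.append(f"unlisted file: {name}")
    return (not findings), findings


def gate(package: dict, manifest: dict) -> str:
    """Response layer: only a clean verification reaches the install step."""
    accepted, findings = verify_update(package, manifest)
    return "install" if accepted else "quarantine: " + "; ".join(findings)


if __name__ == "__main__":
    manifest = build_manifest(GOOD_UPDATE)
    print(gate(GOOD_UPDATE, manifest))
    print(gate(TAMPERED_UPDATE, manifest))
    # A manifest re-issued by someone without the vendor's key is rejected outright.
    print(gate(TAMPERED_UPDATE, build_manifest(TAMPERED_UPDATE, key=b"not-the-vendor")))
```

The caveat this example makes visible is the article's own point: if the tampering happens before the vendor produces the manifest, as in an update built from an already compromised build system, the package verifies cleanly and the prevention layer is silent. That is why the adaptive model keeps detection and response active after installation rather than treating a passed check as a boundary inside which everything is "good".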


Read more of Cory’s insights on cybersecurity topics.  
