As part of our exploration of all of the above, we conducted an initial set of assessments of a group of IoT component suppliers that were critical to one of our sponsors. These suppliers provided IoT-related capabilities crucial to the sponsor's operational activities, and each supplier's continued ability to be a trusted, reliable provider of those capabilities was an important factor for the sponsor and its ability to do its job.
The concern about these suppliers centered on a “Supplier and Public Data Profile” with risks from the External Influences, Financial Stability, Maliciousness, Organizational Security and Organizational Stature sub-categories of the Supplier Trust Aspect, and 26 specific risk factors for which we could obtain publicly available data. There were 11 suppliers in the group that was evaluated, but we show the initial findings for three of the 11 in the radar plots in Figure 10-1. Figure 10-2 shows the full details for supplier 10 along with the sub-categories of five of the seven supplier risk categories from Table 6-2 above.
From the perspective of an IoT supplier to an organization, the overall set of risks that Company 1 and Company 7 present is at a different level from that presented by Company 10. All three show no indications of External Influence risks: the assessment from public sources showed nothing beyond Green when plotted as a stop-light chart for sub-categories 13-19, listed in Figure 10-2 for External Influence. Similarly, for Company 1 there was nothing to indicate that Maliciousness was present in sub-categories 10-12, with Maliciousness plotting to zero for Company 1 but to non-zero for Companies 7 and 10.
More disturbing, for Company 10 there was information available indicating that it had security issues that could make it a conduit of attack to its customers (sub-categories 8 & 9) and that it had financial stability issues (sub-categories 1-7).
When choosing your IoT suppliers, meaning those that provide the components for making Trustworthy IoT Systems, security and financial issues raise the possibility of undermining and disrupting your own capabilities and should be something you consider in your selection.
Figure 10-1. Three suppliers of interest from set of 11 using SoT supplier and public data profile.
July 2022