ISSEC 2013 Book of Abstracts (Sept. 2013) | Page 4

Tuesday 17 September, 2013 9:50 – 10:40

Software & Supply Chain Assurance: Migrating Risks Attributable to Exploitable ICT Products and Processes

Joe Jarzombek
Director for Software and Supply Chain Assurance
Department of Homeland Security NPPD CS&C SECIR

Regardless of intent, software, hardware, and services can potentially contain counterfeit or tainted components. Whether compromised by ignorance, negligence, or malfeasance, the end result of counterfeit and tainted products can be dire for those who inherit the residual risk exposure. Just as with food and pharmaceuticals, these products can be corrupted in ways that put users, organizations, and missions at risk. Thus each participant in the supply chain requires an appreciation of controls and processes that should be in the potential paths software and hardware can take before it is acquired and put into use. How do we ensu