To perform safely and efficiently, companies operating in critical industries depend on instrumented, interconnected, and intelligent embedded devices.
Since a “smart” device is only as good as the firmware or software running on it, asset owners must rely on their vendors to supply valid, authentic software for system implementation and upgrades.
Of course every vendor does its best to supply safe and reliable software. But the path from device vendor to device user - the software supply chain - can be complex and open to exploitation.
Unfortunately, events like the Dragonfly attacks and more recently the Kaseya attacks make it clear that criminal groups and hostile governments are exploiting the weaknesses in our software distribution processes. They have begun to develop and distribute counterfeit software for embedded systems.
If a technician installs just one malicious file, this Trojanized software can have access to everything in your system. The consequences of this kind of attack can be devastating.
Industry currently lacks a robust solution for protecting organizations - both suppliers and asset owners - from supply chain attacks.
When you examine the upgrade process in large organizations, it’s easy to see the current challenges:
The concern over counterfeit software and firmware isn’t hypothetical. And the resulting problems from an attack are both life threatening and expensive.