The Future Of Software Supply Chain Security? It’s Already Here


Cofounder and CEO of ReversingLabs, which helps cybersecurity teams gain insights into malware-infected files and objects.

“The future is already here,” the science fiction writer William Gibson famously observed. “It’s just not evenly distributed.”

That quote came to mind as I considered the recent software supply chain attack on the Voice over Internet Protocol (VoIP) provider 3CX, and the calls for greater oversight of software security and of the security of software supply chains that followed that incident.

Those calls have come from the very top of the U.S. government. For example, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), and her co-author, Eric Goldstein, wrote in Foreign Affairs that “Americans need a new model” for securing technology, “one they can trust to ensure the safety and integrity of the technology that they use every hour of every day.”

The two argue for a new regulatory model that emphasizes safety and security, much as federal and state regulations, such as laws mandating the inclusion and use of seatbelts, airbags and other safety features, have greatly reduced the number of fatal traffic accidents over the past half-century.

Of course, technology industry groups like TechNet are wary of stricter government regulation of product design and argue that stricter government regulation of cybersecurity will stifle innovation.

It’s true: Securing a software application or supply chain is not the same thing as keeping a river clear of pollutants. But it is also true that software supply chains are deeply intertwined with the supply chains that keep the lights on, keep water flowing and clean and put food on supermarket shelves.

Decades of digital transformation have seen digital systems replace mechanical ones, with little ability to fall back gracefully to human-managed, analog controls. The result is that cyberattacks now have the capacity for widespread social disruption, as the 2021 ransomware attack on Colonial Pipeline demonstrated.
