Running Head: SUPPLY CHAIN RISK

Introduction

The risks associated with cybersecurity products travelling through the supply chain have been steadily increasing over the years. Many people would assume that patches and updates received from manufacturers of IT security products come with no vulnerabilities pre-installed. Unfortunately, as more research is performed on distributed cybersecurity updates, there have been some disturbing findings. Cisco’s security and network management software, named Prime Collaboration Provisioning, recently pushed out version 10.6 without realizing that it contains a critical vulnerability that allows an attacker to remotely bypass authentication and gain full administrator rights on an affected system (Kovacs, 2016). This is one of many vulnerabilities that are being revealed as cybersecurity products move through the supply chain from manufacturer to consumer. A study performed by PricewaterhouseCoopers, titled The Global State of Information Security Survey, revealed that even though manufacturers of cybersecurity goods are paying more attention to supply chain risks, over a third do not implement basic security standards for third party partners, and only 42% perform risk assessments on external partners (Orr, 2015). The public and private sectors of the cybersecurity industry must come together to mitigate supply chain vulnerabilities. Many organizations, including the Armed Forces Communication and Electronics Association (AFCEA) Cyber Committee, have been asserting that Supply Chain Risk Management (SCRM) should be an active Public-Private Partnership initiative, with government agencies and private organizations sharing information to raise awareness for supply chain integrity (Filsinger, Fast, Wolf, Payne, & Anderson, 2012).

Analysis
Supply Chain Risks

There are several points in supply chain management for cybersecurity products that contain risks. One of these risks arises when vulnerabilities are intentionally installed on computer and networking hardware. An example of this occurred in 2014, when Lenovo preloaded adware named Superfish onto their computers and laptops. The software was installed to redirect browser search results to display different advertisements. The problem is that the adware bypassed the computer’s security settings, so that cyber-attackers could snoop on a user’s browsing history, revealing such information as passwords, banking information, etc. (Rosenblatt, 2015). The recent discovery of security flaws in Cisco’s Prime Collaboration Provisioning software highlights the supply chain risk of unknown vulnerabilities that are built into cybersecurity software, which could lead to exposures exploited by malicious hackers. In 2008, the FBI seized over $75 million worth of counterfeit Cisco routers in the supply chain headed for U.S. consumers.