http://csrc.nist.gov/publications/secpubs/rainbow/tg008.txt
Note: Yet another for everyone to remember when you hear someone say the old security certifications were just red tape. Stopping interdiction is just red tape. Haha.
Here's a basic set of recommendations for supply chain security that provides at least a start on various aspects:
http://www.albint.com/en-us/company/Suppliers%20Documents/Su...
U.S. government is freaking out about what they, err the Chinese, can do. They're implementing their own research with stuff like this:
http://www.technology.org/2015/07/09/sandia-tamper-detecting...
http://www.darpa.mil/program/supply-chain-hardware-integrity...
Personally, I think being able to print or wire-wrap the electronics yourself can be helpful given they might be able to attack inside the PCB. It's a speculative attack I came up with many, many years ago that I can't remember if anyone has implemented. It would be difficult to detect with some of these internet-of-things style chips implemented w/ minimal packaging.
There's a lot to this subfield of IT. Verification of incoming components & manufacturing process with trusted couriers is the baseline, though.