Title :
Risks of unrecognized commonalities in information technology supply chains
Author :
Axelrod, C. Warren
Author_Institution :
Delta Risk LLC, Great Neck, NY, USA
Abstract :
In this paper we examine the interdependencies and common points of failure (and attack) that plague commonly-used system and network hardware and software. The proposed approach requires not only generating inventories of acquiring organizations' equipment and software products, and clear and detailed descriptions of every link in the supply chain, but also the identification of common components and their sources. This information is required not only for manufacturer and OEM supply chains, but also for the services supply chains of maintenance and repair organizations. When such critical components and services have been identified, one must prioritize their importance and apply appropriate security and testing. Such an identification and tracking system is only as good as its ability to incorporate up-to-the-minute changes and additions. This requires extensive real-time reporting and information sharing. The author presents a general description of a proprietary tool that facilitates the collaboration needed for such an approach to be effective.
Keywords :
information technology; production engineering computing; risk management; supply chain management; OEM supply chains; identification system; information sharing; information technology supply chains; network hardware; network software; plague commonly-used system; repair organizations; tracking system; unrecognized commonalities; Complexity theory; Hardware; Organizations; Security; Software; Supply chains; Testing; IT outsourcing; common points of failure; complexity; computer hardware; computer software; dependencies; risk mitigation; supply chain;
Conference_Title :
Technologies for Homeland Security (HST), 2010 IEEE International Conference on
Conference_Location :
Waltham, MA
Print_ISBN :
978-1-4244-6047-2
DOI :
10.1109/THS.2010.5654970