Annual Computer Security Applications Conference (ACSAC) 2013

Full Program »

Detecting and Reporting Counterfeit and Tainted Products

The US Department of Homeland Security Office of Cyber Security and Communications program for Software and Supply Chain Assurance (SSCA) leads and enables public-private collaboration efforts focused on advancing Information and Communications Technology (ICT) supply chain resilience and software security and resilience. Techniques employed include enhanced processes and diagnostics for detecting, analyzing, reporting, and mitigating risks attributable to counterfeits, defects, and tainted components that could contain exploitable constructs, such as malware, exploitable weaknesses and vulnerabilities. The US Government and industry partners are working toward solutions to reduce the risk of counterfeit and tainted ICT components. Departments and agencies (D/As) rely on the functionality of its ICT to accomplish their missions, and businesses rely on the demand for genuine non-tainted ICT for profitability. Numerous efforts are underway to prevent, test, identify, and track counterfeit ICT and tainted products. This case study presents some of the leading counterfeit studies, approaches, reporting, and information gathering activities across government and industry. Some D/As have helped to frame the problem, while other D/As and standards bodies have proposed methods to prevent and respond. Some industry organizations have developed advanced detection techniques while others facilitate awareness through data collection and alerts. Though not an exhaustive list, the activities explored in this case study demonstrate the breadth of anti-counterfeiting and supply chain risk management efforts taking place as well as the need to share data and lessons learned.

Author(s):

Joe Jarzombek    

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC