Supply-chain security and resilience is one of the biggest issues facing the tech sector
- Published: Tuesday, 23 June 2020 12:15
Supply-chain security and resilience is currently a huge emerging issue for the tech sector and securing corporate supply chains should be the number one priority for CISOs over the next 12 months. This finding emerged from a Resilience First expert briefing on how the Internet has been the backbone of business response to the impact of COVID-19.
Leading industry experts from Intel UK, Nominet, Cyber Rescue, and ISPA UK discussed a number of issues facing the tech sector and concluded that, with Internet capacity holding up well under the surge of demand, the biggest issue facing business is how to secure supply chains that are increasingly both extended and critical.
Andrew Glover, Chair, Internet Services Providers' Association (ISPA UK)said: “Early media stories that the Internet would not cope proved wide of the mark. Traffic has been doubling year on year anyway. Daytime usage has surged but the overall traffic has not been outside of expectations and we still have plenty of capacity headroom. Networks are still below peak demand seen during large video game releases and remote working generally uses less data-heavy activities like email and video conferencing.”
“In terms of supply-chain resilience, you probably need more than one source of whatever is your most critical dependency. For many people that is Internet access. 5G will provide more reliable and faster connectivity to enable us to do more exciting things. Excluding anyone from a supply chain is going to disrupt that supply chain.”
“More regulation is likely from government to ensure that companies are securing their own supply chains, but best practice rather than regulation is the answer.”
Cath Goulding, Chief Information Security Officer, Nominet UK said: “During this crisis we have seen an increase in phishing using COVID-19 and related terms as triggers in emails. We have been working closely with law enforcement and have seen a 30 percent increase in the suspension of domain names linked to such activity. We have also seen an increase in fraudulent regulated goods such as PPE being advertised over the web. MHRA have asked us to take down several domain names which are not in fact regulated by them.”
“Supply-chain security is the most important consideration for CISOs. A really good exercise for any business is to identify your critical suppliers, like power and telecoms and look at whether you are comfortable with the contractual controls in place. Even the US military are said to only be able to identify the top three of seven layers of their supply chain.”
Kevin Duffey, Managing Director, Cyber Rescue said: “There has been a wave of cyber-attacks during COVID-19, against firms already stressed by lockdown. So, companies must verify that their suppliers are still maintaining essential cyber controls. Much of this verification can and must be automated, because hackers are so quick to target vulnerable suppliers and then exploit the data belonging to all of their customers.”
Adrian Criddle, General Manager and Vice President, Intel UK said: “When Covid19 came around and everyone started working from home we saw incredible demand for hardware like Christmas and Black Friday combined. The tech industry has come together collaboratively to find solutions to the problems we have faced to ensure communications are maintained.”
“The UK has already done a lot in terms of supply-chain resilience in preparation for Brexit. We have learnt during the pandemic that we need to look after our people, our customers and our communities and how we do that has changed during lockdown.”
Robert Hall, Executive Director, Resilience First said: “COVID-19 has raised a number of significant issues for the technology sector, of which supply chain security and resilience is one of the most important.”
“Serious questions have also arisen over the actions of China in the pandemic and this has generated implications for the role of Huawei in 5G. The potential is huge for 5G, but the security and political factors are currently pulling in different directions. The Huawei issue is big enough in itself but COVID-19 has also raised wider questions.”