Why The Supermicro Hack Matters Even If It’s Not 100% True
Let us get started by emphatically stating that we believe the core tenants of the Bloomberg article about Chinese spying via Supermicro boards (https://bloom.bg/2OCRfgO). Chinese State level “hacking” via supply chain infiltration is not only fact, it is a fact wildly understated even in the shadow of the Supermicro news. Our collective Triton Cyber team has spent decades serving in various Intelligence Community roles both combating similar activities against US companies and perpetrating operations against adversaries.
Business leaders need to accept the reality that today’s intellectual property is always at risk. Taking a long-term view of their cyber security and supply chains will enable them to secure their most valuable assets – intellectual property. It is arrogant and insulting to the savviness of our economic adversaries to think they are NOT undertaking aggressive cyber activities to compete with US businesses. Whether Apple and Amazon were directly informed, confirmed infected, or wholly unaware, is almost entirely irrelevant to the real lesson here. China has natural access to global technologies via their dominant role as low-cost producer of inputs and finished goods. They sit in a picture-perfect position to infiltrate the supply chain via domestically produced products and achieve information dominance.
Companies continue to make supply chain decisions based almost entirely on cost per unit metrics without taking the strategic view that sourcing affects risk and risks lead to breaches.
While still employed in the Intelligence Community we used to try and convince US businesses to take the long-term view of their intellectual property and structure their security and supply chains accordingly. Despite ironclad proof that this was occurring (https://on.mktw.net/2yaOgCH) myopic revenue-based decisions persisted. Unfortunately, the “long-term” view is now upon us and companies find themselves reaping the cyber threats they sowed via vendor decisions a decade ago.
Liberty offers Secure Vendor ProgramTM (SVPTM), designed to provide enterprises with a critical understanding of the mappable network footprint, vulnerabilities and threat posture of vendors, suppliers, and other critical dependencies. SVP delivers to customers a deeper awareness of threats that are inherited as the result of normal business-to-business relationships. This valuable intelligence can be used as negotiation collateral over potentially vulnerable partners that can obligate better security, enhance contractual agreements, and improve negotiation strategies, saving on expensive cost centers.
Liberty Advisor Group is a mission-focused advisory and strategic consulting firm. We partner with our clients to solve their most complex business issues and improve enterprise value. Our experienced team has a proven track record in Business and Technology Transformation, Data Analytics, Business Threat Intelligence, and Mergers and Acquisitions. We offer original thinking combined with factual data to develop comprehensive, situation-specific solutions that work. With straight talk and proven results, we accelerate growth, drive efficiency and reduce risks. We are experienced. We are doers. We are Battle-Tested.