Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative

Microsoft has teamed up with Intel and Goldman Sachs to push for hardware security improvements that could help to mitigate supply chain risks.

Working under the auspices of the non-profit Trusted Computing Group (TCG), the companies have created a new Supply Chain Security work group which will aim to bring in experts from across the tech sphere.

The TCG argued that malicious and counterfeit hardware is particularly difficult to detect as most organizations don’t have the tools or in-house knowledge to do so.

With that in mind, the group will focus on two key areas: 

1) Provisioning to ensure devices can be trusted at every step of the supply chain.

2) Helping companies to recover in the event of an attack.

This is TCG’s sweet spot as it has in the past been instrumental in developing global standards for a hardware-based root of trust.

“For nearly 20 years, TCG has guided the industry in adopting technologies that enable secure computing, with specifications for IoT and embedded systems, PCs and servers, mobile, and storage,” argued Dennis Mattoon, co-chair of the work group and principal software development engineer at Microsoft.

“The supply chain is the one thing that spans all of these verticals and experts from TCG work groups are now coming together to create industry-wide guidance that seeks to make the supply chain more secure.”

A new report published by Acronis yesterday claimed that 53% of global organizations have a false sense of security when it comes to supply chain attacks and trust manufacturers and software providers when they perhaps shouldn’t.

A separate report from BlueVoyant last week claimed that 93% of global firms had suffered a supply chain-related breach over the past year. Furthermore, it said the average number of breaches increased 37% from 2020 to 2021.

Worryingly, the number who admitted they have no way of knowing if an incident has occurred in their supply chain rose from 31% to 38% over the period.

What’s Hot on Infosecurity Magazine?