Cyber Threats and Nuclear Weapons by Lin Herbert;
Author:Lin, Herbert;
Language: eng
Format: epub
Publisher: Stanford University Press
Published: 2021-08-15T00:00:00+00:00
Alas, neither of these approaches is fully adequate. A large, well-known company could be under the control (either overt or covert) of the government to which the company is accountable by law, and might introduce compromises in the products it delivers due to government compulsion. Passing tests is a necessary but not sufficient condition to declare a component secure. Testing generally cannot demonstrate the presence of unwanted (and hostile) functionality in a component, although it may be able to provide evidence that the component does in fact perform as it is supposed to perform. For example, a component may always perform as it should except when one of the inputs is a particular sequence of digits; upon receiving that sequence, the component can (deliberately) perform some unexpected and hostile action.
Perhaps one could inspect the inner mechanisms of a supplied component (e.g., reading the human-understandable software source code supplied) before integrating it into a finished system. But that would require access to source code, which a supplier may well resist for fear of divulging valuable intellectual property. Moreover, inspection and review can take substantial amounts of time, and waiting for inspection to be completed can unduly affect a schedule. Also, what if the component is a fix to a security problem? In that case, a delay can leave a system more vulnerable.
Many methods have been developed (and some deployed) to mitigate the effects of possible supply-chain attacks. Nevertheless, cyber risk associated with such attacks cannot be avoided entirely.
1. Sources: Fred Schneider and Justin Sherman, âBases for Trust in a Supply Chain,â Lawfare, February 1, 2021, www.lawfareblog.com/bases-trust-supply-chain; National Research Council (NRC), Toward a Safer and More Secure Cyberspace, ed. Seymour Goodman and Herbert Lin (Washington, DC: National Academies Press, 2007), 103â4, doi.org/10.17226/11925; NRC, At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues, ed. David Clark, Thomas Berson, and Herbert Lin (Washington, DC: National Academies Press, 2014), 112â13, doi.org/10.17226/18749.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
| Automotive | Engineering |
| Transportation |
Whiskies Galore by Ian Buxton(41341)
Introduction to Aircraft Design (Cambridge Aerospace Series) by John P. Fielding(32730)
Small Unmanned Fixed-wing Aircraft Design by Andrew J. Keane Andras Sobester James P. Scanlan & András Sóbester & James P. Scanlan(32417)
Craft Beer for the Homebrewer by Michael Agnew(17773)
Turbulence by E. J. Noyes(7512)
The Complete Stick Figure Physics Tutorials by Allen Sarah(6966)
Kaplan MCAT General Chemistry Review by Kaplan(6404)
The Thirst by Nesbo Jo(6251)
Bad Blood by John Carreyrou(6120)
Modelling of Convective Heat and Mass Transfer in Rotating Flows by Igor V. Shevchuk(6079)
Learning SQL by Alan Beaulieu(5868)
Weapons of Math Destruction by Cathy O'Neil(5595)
Man-made Catastrophes and Risk Information Concealment by Dmitry Chernov & Didier Sornette(5395)
Digital Minimalism by Cal Newport;(5166)
Life 3.0: Being Human in the Age of Artificial Intelligence by Tegmark Max(5016)
iGen by Jean M. Twenge(5002)
Design of Trajectory Optimization Approach for Space Maneuver Vehicle Skip Entry Problems by Runqi Chai & Al Savvaris & Antonios Tsourdos & Senchun Chai(4700)
Secrets of Antigravity Propulsion: Tesla, UFOs, and Classified Aerospace Technology by Ph.D. Paul A. Laviolette(4600)
Electronic Devices & Circuits by Jacob Millman & Christos C. Halkias(4533)
