Washington (AP) – The US government is working to address vulnerabilities in the supply chain, an issue that came to the fore late last year after suspected Russian hackers broke into federal agencies and private corporations by hiding malicious code in widely used software.
The National Counterintelligence and Security Center warned on Thursday that foreign hackers were increasingly targeting sellers and suppliers that work with the government, compromising their products in an attempt to steal intellectual property and spy. The NCSC said it was working with other agencies, including the Cybersecurity and Infrastructure Security Agency, to raise awareness of supply chain issues.
April marks what the government describes as the fourth annual supply chain integrity month. This year’s event comes as federal officials deal with the aftermath of the SolarWinds intrusion, in which hackers compromised the software supply chain. At least nine federal agencies were hacked, along with dozens of private sector companies.
The NCSC said it plans to provide guidance throughout the month on how specific sectors, such as health and energy, can protect themselves.
“If the Covid-19 epidemic and the resulting shortage of products were not sufficiently alarming, the latest software supply chain attacks on US industry and government should serve as a wake-up call,” said NCSC Acting Director Michael Orlando. “We need to increase the stability, diversity and security of our supply chains. The vitality of our nation depends on it.”
Orlando and officials from the United Kingdom, Canada and Australia will take part next week in a Harvard University discussion on protecting the international supply chain.
The large number of steps in the supply chain process gives hackers multiple access points for penetrating businesses, agencies and infrastructure, and it can mean that no single company or CEO is responsible for protecting the entire industrial supply chain.
One of the most well-known intrusions into the supply chain before SolarWinds is the NotPetya attack, in which malicious code found to have been planted by Russian military hackers was spread through an automatic update of Ukrainian tax preparation software called MeDoc.
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.