The August ISSA membership meeting is sponsored by Beyond Identity
Topic: Supply Chain Security: Preventing Second Hand or Counterfeit Computing Device Components
Increasingly, large enterprise customers are requiring Original Design Manufacturers (ODMs) and/or Original Equipment Manufacturers (OEMs) to show demonstrable proof that they have a secure supply chain. These manufacturers must prove, through controlled, documented, and audited means, that their supply chain ecosystem is secure throughout the product development lifecycle (pre-manufacturing through product end-of-life). This legitimate concern is based on the growing threat posed by second hand or counterfeit computing device components. Disruptions in supply chains and the possible introduction of counterfeit components can increase risks to the proper functioning and overall reliability of electronic devices. Even worse, such contaminated platforms may include malware that could potentially lead to data theft or other types of system compromise. To prevent this, organizations should only partner with technology vendors that provide verifiable proof that their products are free of second hand or counterfeit components. To do so, a manufacturer should be able to trace serial numbers or similar identifiers that are stamped or embedded on hardware during downstream manufacturing. For software components, these manufacturers should work with their software vendors to ensure that only accurate, non-counterfeit software is ever installed on their products.
Speaker: Kevin McPeak, Deputy Director within the Lenovo Chief Security Office
Kevin McPeak, CISSP, ITILv3, is a Deputy Director within the Lenovo Chief Security Office. Kevin is a technical SME for endpoint management, endpoint security, data loss prevention, encryption, mobile device app management, secure mobile content delivery, and new defensive technologies. Kevin has two Master of Science degrees, one earned at Johns Hopkins University and the other at Virginia Tech. He is a part-time PhD candidate at Virginia Tech’s northern Virginia extension campus and is completing his dissertation. Kevin previously worked for Symantec Corporation, where he was their Public Sector Principal Cybersecurity Architect. Prior to Symantec, Kevin worked as an on-site contractor (CACI, Lockheed Martin, and AlphaInsight), conducting cybersecurity work across numerous Federal Government agencies. Additionally, Kevin is a US Army veteran of both Operation Enduring Freedom (2003) and Operation Iraqi Freedom (2010 – 2011).