Protecting your Cyber Assets
Foreign – Cyber Risk
One of the biggest sources of cyber risk is foreign-made computer components with digital assets. These components make it easier to launch cyber attacks on U.S. companies and consumers, and the threat is not easy to detect. For example, Stuxnet, which crippled the Iranian nuclear plant, was planted in a digital system with programmable logic control. The number of components with integrated and programmable chips is staggering. These components are a source of serious trapdoors and cyber security risks. Perhaps one way to reduce this risk is for NIST to publish the specific controls required for a given class or type of component, and for DHS to require importers to perform a risk assessment before putting a component into distribution or production. For example, any device with a built-in digital component should be subject to importer certification with regard to cyber security assessment. In principle this would be the same as a compliance risk assessment such as NERC CIP Compliance Management, NEI 08-09, CFATS or PCI, but much more limited and focused. Vendors like Wiznucleus already provide tools for cyber security assessment.