SUPPLY CHAIN
Securing the supply chain: building trust through trusted computing standards
By Thorsten Stremlau, Trusted Computing Group (TCG)
Due to the ongoing digitalisation of many key industries, the electronics supply chain has quickly become the backbone of modern technology. However, it’s for this exact reason that supply chains find themselves increasingly under threat from cyberattacks.
From counterfeit components to a vast array of cyberattacks, if vulnerabilities are found within the supply chain, it can have serious consequences for industries and consumers alike. In fact, by the end of 2025, 45 per cent of organisations worldwide will have experienced at least one attack on their software supply chain.
Overcoming growing threats
Malicious actors are now attempting to exploit the vulnerabilities often found within global supply chains, targeting the devices found at the different levels. For example, tampered firmware in industrial equipment can disrupt operations, potentially resulting in faulty products and an unsafe workplace for employees. Any injuries or product recalls resulting from these attacks could quickly cost businesses thousands of dollars. Similarly, Internet of Things (IoT) devices – which form the cornerstone of today’s smart technologies – have increasingly been used as entry points for attacks: in 2024, security researchers uncovered an unpatched vulnerability in AVTECH IP cameras, which resulted in an attack campaign to combine the devices into a single botnet. Successfully exploiting the devices, which are common across the commercial, financial, healthcare and transportation sectors, would give attackers the ability to inject and execute commands as the owner of their running processes, and spread a Mirai botnet variant to target systems.
Establishing trust in devices
If businesses are to trust the devices and technologies within their respective supply chains, then they need to look at the latest internationally-recognised standards and specifications available. Only then can vulnerabilities begin to be mitigated, and potential risks reduced.
Standards which place the concept of trusted computing at their core, such as those developed by the Trusted Computing Group (TCG), provide the strong hardware foundation required to secure devices effectively. Hardware Roots-of-Trust (RoT) ensure that critical or sensitive data such as cryptographic keys and digital certificates will remain protected. As such, businesses have the tools required to attest and confirm a device is what it presents itself as when it enters a network. They can also verify the authenticity of firmware updates and guard against malicious code, enabling organisations to maintain device trust even in the most complex supply chains. Other standards, such as the Device Identity Composition Engine (DICE), can also enhance security by generating unique cryptographic identities for devices. This ensures that components can be authenticated and traced, minimising the risk of counterfeit products being deployed within a supply chain.
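A simplified sketch of how a DICE-style identity ties a per-device secret to the firmware the device boots, added here as an illustration and not taken from the article or from TCG's specifications. The HMAC-SHA-256 derivation, the symmetric challenge-response, and all names and sample values are assumptions; real DICE devices derive and certify an asymmetric key pair from the compound identifier instead of sharing it with a verifier.

```python
import hashlib
import hmac

def measure(firmware: bytes) -> bytes:
    """Measurement of the first mutable code: SHA-256 digest of the image."""
    return hashlib.sha256(firmware).digest()

def derive_cdi(uds: bytes, firmware: bytes) -> bytes:
    """Compound Device Identifier: device secret (UDS) mixed with the measurement."""
    return hmac.new(uds, measure(firmware), hashlib.sha256).digest()

def device_id(cdi: bytes) -> str:
    """Traceable public identifier, derived one-way from the CDI (hypothetical helper)."""
    return hmac.new(cdi, b"device-id", hashlib.sha256).hexdigest()[:16]

def attest(cdi: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the CDI over a verifier-chosen nonce."""
    return hmac.new(cdi, b"attest" + nonce, hashlib.sha256).digest()

def verify(enrolled_cdi: bytes, nonce: bytes, response: bytes) -> bool:
    """Verifier side: constant-time comparison against the enrolled identity."""
    return hmac.compare_digest(attest(enrolled_cdi, nonce), response)

# Constructed sample data (not real secrets or firmware images).
UDS_A = bytes.fromhex("11" * 32)   # secret fused into device A
UDS_B = bytes.fromhex("22" * 32)   # secret of a different (cloned) device
GOOD_FW = b"bootloader v1.0 (constructed sample image)"
TAMPERED_FW = GOOD_FW + b" + unauthorised patch"

def demo() -> dict:
    enrolled = derive_cdi(UDS_A, GOOD_FW)   # recorded when the device is provisioned
    nonce = b"constructed-nonce-0001"       # fixed for repeatability; random in practice
    def answer(uds: bytes, fw: bytes) -> bytes:
        return attest(derive_cdi(uds, fw), nonce)
    return {
        "genuine": verify(enrolled, nonce, answer(UDS_A, GOOD_FW)),
        "tampered": verify(enrolled, nonce, answer(UDS_A, TAMPERED_FW)),
        "clone": verify(enrolled, nonce, answer(UDS_B, GOOD_FW)),
        "distinct_ids": device_id(enrolled) != device_id(derive_cdi(UDS_B, GOOD_FW)),
    }

if __name__ == "__main__":
    print(demo())
```

Because the identity depends on both the device secret and the firmware measurement, a counterfeit unit and a genuine unit running modified firmware both fail the check.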
Greater cyber resilience against attacks
A truly comprehensive approach must now go beyond solely protection to include detection, attestation and recovery. All of these elements are critical when ensuring systems can not only withstand an attack, but also recover effectively should a breach occur. In these instances, trusted computing solutions, once adopted, can enable the rapid identification of anomalies and facilitate a swift recovery. For example, the use of unique device identifiers can help pinpoint specific vulnerabilities within a supply chain and allow organisations to re-key compromised devices and contain the impact of breaches.
The sheer scale and diversity of today’s IoT ecosystems presents unique challenges when it comes to implementing adequate cyber resilience within networks. As highlighted in recent case studies like Microsoft’s ‘The Lazarus Effect’, manual intervention for recovery purposes is often impractical due to the volume and inaccessibility of devices, compromised or not.
However, automated recovery mechanisms, such as those outlined in the Cyber Resilient Module and Building Block Requirements (CyRes) specification, can simplify the process. By defining essential building blocks, CyRes ensures that devices can recover to a trusted state without requiring manual intervention, even in resource-constrained environments.
Taking a proactive approach to supply chain security
Embedding cyber resilience as a core principle within supply chains helps organisations to address evolving threats proactively. Practices such as regular firmware integrity checks, adherence to security standards and continuous monitoring are essential to maintaining a robust defence. Moreover, the integration of recovery-focused technologies, like those described in CyRes, also provides the ability to safeguard critical infrastructure and maintain operational continuity in the face of sophisticated attacks.
Supply chain security must now be at the top of the agenda for businesses, regardless of the industries they operate in. It only takes one attack to compromise a wide range of businesses, so the onus is on those within a chain to make sure everyone is following the gold standard for device and network security.
The adoption of trusted computing standards is essential for protecting key assets and safeguarding the customers linked to businesses throughout supply chains. By embracing the concepts of trust and resilience, all industries can thrive in the face of future threats and challenges.
DECEMBER/JANUARY 2026 | ELECTRONICS FOR ENGINEERS 27