McAfee urges rethink on supply chain security

McAfee has urged businesses to pay close attention to protecting supply chains from attack, and to plan ahead for outages and infections.

Dennis Omanoff, senior vice president of worldwide supply chain, manufacturing and facilities at McAfee, warned in a blog post that companies must remain wary of attacks on the supply chain and partner facilities.

"Concerns continue to rise about the 'injection of viruses' into high-tech hardware products during their journey from manufacturing sources to customer delivery, especially to government agencies," he said.

"More than natural disasters, financial instability or political upheavals, what keeps me up at night is the fear that the bad guys are injecting stuff into products that can disrupt, bring down or steal confidential information from networks."

Omanoff noted that an increase in attacks targeted at industrial systems and embedded devices has raised the risk that manufacturing facilities and other supply chain links could be infected.

Security researchers have shown that many vital devices, such as programmable logic controllers, can easily be compromised in targeted attacks. The discovery of the Stuxnet and Duqu malware infections suggests that industrial systems are already being targeted in the wild.

Omanoff explained that McAfee requires its supply chain partners to install security measures such as intrusion and data loss prevention tools, and malware scanning.

"Compromising a company's intellectual property can jeopardise a competitive advantage, cut into market share and even endanger customer reputations, not to mention the vulnerabilities to top secret government information," he said.

"The sharing of data from McAfee to our suppliers is important for new product development, continuous improvement of our product, elimination of customer issues and the ongoing growth of product lines."