On this episode of What Lies Beneath?, we talk with Trey Herr, & Stewart Scott, co-authors of the recent Atlantic Council report, “Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain.” 

For too long, when people have talked about supply chain security, it’s been all focused on the physical hardware. Where is the physical box? What chips make up that box? Who built it? Where does it live? But the digital supply chain is something that needs to be paid attention to. 

Attacks against the digital supply chain can impact nearly any company, but the defense organizations are particularly susceptible to these kinds of attacks. But why is that? Is it similar to the reasons we see for other kinds of supply chain attacks? 

Trey & Stewart spend the better part of this episode talking us through their report, and highlighting, among other things: 

-Why digital supply chain security is so crucial

-Why defense organizations are especially vulnerable to these attacks

-Untrusted technology, specifically in the 5g space

-Why you can't talk about 5g security without accounting for software security

You can access the Atlantic Council paper here!