IT | Supply Chain Security and Compliance for Embedded Devices & IoT

The subject of this article: the scale of our dependency on buried computing assets – both the devices and the code we take for granted – will soon reach new dimensions. Can we keep control?

By Martin Callinan and David Phillips

IT | Supply Chain Security and Compliance for Embedded Devices & IoT

Introduction   

The use of software powered embedded devices is poised for massive growth over the next few years as medical devices, automotive and consumer electronics industries all embrace the Internet of Things (IoT). Not only will the fields embracing IoT be diverse, but also the devices themselves will be diverse, from everyday computers and tablets to sensors, light switches, thermostats and the infrastructure supporting them.   

The IoT industry will rely on software to run a small army of embedded devices. In order for technology companies to meet the demand and pace of development much of the software used will rely on open source technologies, with the final software assembled from an even deeper universe of IoT code libraries and web-based protocols accessing a mesh of fast-evolving resources.   

The subject of this article: the scale of our dependency on buried computing assets – both the devices and the code we take for granted – will soon reach new dimensions. Can we keep control?

New Scope of Security Controls for New IoT Device Capabilities   

The ever-upgrading platforms we know today will manifest in IoT tomorrow as an explosion of software and hardware, many with convoluted intellectual property sources. Each week chip builders announce smarter ways to architect ARM® and other cores, achieving another step change in embedded processor power available to IoT designs. Today’s tiny computer platforms can hold richer and more capable functions than we believe possible with negligible demands on power – they are so small, cheap and reliable, we can forget these assets are even there. Furthermore, just as micro-code in Intel® PC processors updates without our knowledge, the IoT code and functions I use expand silently over my lifetime, evolving as I renew domestic appliances and personal property.   

This poses developers with colossal questions how to protect people, IP rights and data rights for us under in a chaotic ecosystem. More than ever, we need intelligent policies and good practices, so assets are identified and controlled throughout these dynamic infrastructures now proliferating in our homes and lives.

Developing from a Secure Foundation   

When designing a device, it is important to engineer in security and quality controls from the ground up. For technology organisations there will be third party suppliers of hardware and software that will become part of the device shipping to end customers. It is not uncommon for organisations to trust manufacturers to deliver secure technology. However, with the fast pace of developments and the pressure to deliver solutions to market many organisations outsource parts of the manufacturing process to unverified partners and in doing so lose control of product and component assembly.

Agile Design with Multiple Interfaces Is More Vulnerable   

Traditionally computing platforms have been engineered either for relatively closed systems for specific uses, or else for more general use but having network interfaces founded on closely specified hardware and software, tight protocols and with segmented networks enabling security services to operate effectively. We also tend to use them with well-known classes of software applications. Although problems with security vulnerabilities arise, the conditions under which they arise can be readily described (even by relative novices) and clear warnings issued, for example by:-   
  • Warning users of a specific kind of platform; 
  • Naming familiar applications or executable files installed, that may contain the vulnerability;
  • Specifying a network, URL or open port by which threats attack and ultimately compromise the system.  

The fact these are familiar scenarios, or one of a few major classes has worked in our favour to highlight and contain vulnerabilities of classical traditional client computer platform environments.  

However, in the new era of agile device development, IoT devices are generally much more fragmented platform-types that don’t conform to labels we are familiar with.  Their executables and applications are nowhere near as visible and often contain multiple communications interfaces – and these can easily be non-conformant, for example, the growing variety of pseudo-implementations of Bluetooth-like wireless data communications.  

At the outset then, we should recognise that due to the diversity of IoT, without action we will all find describing and sharing the conditions that can lead to a vulnerability to be very much harder.

Grey Market and Counterfeit Embedded Devices   

Taking embedded devices as an example there is a significant grey market for components or complete platforms such as a network device which would have an embedded processor with an operating system most likely based on Linux which can be booted and application’s code then loaded to control the device.  There are numerous risks associated with using grey market components and devices:  
  • Quality and reliability E.g.: http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/
  • Traceability – markets such as defence and aerospace require traceability of components 
  • Unable to meet requirements for standards such as ISO9001 SAE9120 
  • Malware – what is in embedded code on the devices? What is the provenance of the code?

Governance Framework   

Existing standards do offer many of the elements of governance to assist agile IoT developments. Some examples ready to come to the rescue are the policies, procedures and repeatable process (may of which can be automated) for identification of software found in the ISO/IEC 19770-series of standards.   

It is now much easier to conquer one of the first barriers to effective data for managing complex software assets categories, thanks to public access to an internationally agreed vocabulary, key principles and rich definitions specifically created to help achieve this improvement in control.  

Developer toolkits – even pro-suites – can be weak at managing software and libraries as proper assets, lacking well-formed definitions of key asset properties required for their proper management (standardised licence classifications, entitlements, usage metrics, platform/version IDs). However, many can be configured properly – if we apply these new definitions.  It is then possible to achieve good baseline reports for controlling secure asset use, cut risk and spot unexpected non-compliance. Stakeholders using such reports also talk the same language: so where are the foundation principles for confidently managing our increasingly complex software and platform assets?  

Help is now at hand in Part 5 of the ISO/IEC 19770-series - an internationally agreed industry standard providing clear and common vocabulary and a structured approach for effectively managing IT assets (both software and hardware) and for building trustworthy data for control and showing good governance. (Outside the embedded world this series is already popular with managers, auditors and practitioners seeking to improve CMDBs, CI records and reporting.)

- The new publically available Part 5 vocab is readily available here (by accepting ISO copyright): http://standards.iso.org/ittf/PubliclyAvailableStandards/c068291_ISOIEC_19770-5_2015.zip

This accessible standard offers vocabulary and more to assist in building trustworthy asset management for security, risk reduction, confident licensing or service negotiations and for cutting waste and cost. 

As well as applying these improved definitions and processes, we also need responsible managers making up the chain of governance in IoT. Managers must require controls and conduct verification of these practices within their part of the IoT supply chain. Organisations with such a Management System can benefit from stating their allegiance to a good Standard and by driving good governance from the top down, citing their conformance – starting with regular self-assessment.   

In time, potentially more industry infrastructure may help these good practices to inter-work effectively across the many different components making up our exploding IoT universe.

Supply Chain Governance   

Organisations should look to adopt supply chain security. Every supplier of components (hardware, software or firmware) should have quality assurance over their source and credentials of suppliers.  

A striking driver in the current market is the torrent of ‘Maker’ Kit variants. These offer anyone prototyping embedded controllers – including many quite suited to IoT applications - an increasing choice, ever cheaper as each new feature emerges (Bluetooth LE for example). Kick-starter teams now offer capable sub $9 computer platforms. These initiatives are wonderful for prototyping and a side effect is the aggressive cutting of supply costs of very powerful chips and interface components.

Yet there are a number of areas that can be increasingly overlooked when sourcing components:  
  • At ground-level, smart choices begin with the Embedded/Electronics Hardware Designer.  

Careful choices of components build-in safe electronic components. Confidence in a platform begins at the lowest level - in the support chips – many of which themselves contain intelligent processors and bare-metal code.  Increasingly, embedded designers rely on modules which can include 

1. Network modules 

2. Wireless modules 

3. Single-wire / Near Field Communications modules 

4. Co-Processors and FPGAs 

5. Firmware engineers also choose the embedded processor architecture for IoT devices, and so firmware professionals also have a key role in controlling sourcing of: 
  • Main processor 
  • Security feature sets (such as secure boot capability)
  • Embedded Architectures and their associated reference designs.  

The latter often come with technology guarantees which can be a good sign of assurance. For example, more and more processor architectures experience end of life each year, whereas others such as Freescale (now NXP) offer certain architectures with come with many years of guarantee and designers can use this to judge whether they will offer greater confidence of support as reliable IoT solutions.   
  • Supply Chain Officers – purchasing staff will need to aware of the risks of these new classes of module, system-on-chip and powerful component so they can apply rules and corresponding procedures for appropriate sourcing controls and batch identifications 
  • Production/Inventory Controllers – will need to implement controlled MRP systems that make use of batch data through manufacturing, support traceability and retain identities. 
  • Inspection and Testing Offices – will need to apply centralised data to their test procedures 
  • Embedded Firmware Programmers – will need to have checks and balances on versions of code, components of code, libraries and software and ensure similar traceability of version, recognising these may not correspond with manufactured PCB revisions.


Supply Chain Risk

Responsible suppliers of embedded into professional/industrial IoT are now offering a Production Readiness service – this can help convert such fast prototype kit designs into reliable platforms that are proven for volume deployment.   

For a handy checklist, try the 9 success factors for reliable production of embedded, as suggested by UK’s BitBox Ltd, whose platforms cover many M2M and private-cloud IoT, some protecting >100,000 nodes: http://www.bitbox.co.uk/design-services/arduino-volume-electronics-production

Open Source Software Policy   

Most companies Open Source Software in their in-house or third party sourced do not have a fully defined open source software policy or a cohesive view of what should be in an open source software policy.   

Without a clearly defined policy companies will leave themselves exposed to risks such as security, licence compliance or operational risk.   

It is not a straightforward task creating a policy and it is not a one off task but rather that something that is always evolving to reflect developments in the open source software industry.

The high level steps to creating a policy are:  

1. Identify key stakeholders 
  • Developers 
  • DevOps 
  • Legal 
  • Human resources Management: 
  • CTO, CIO, CEO…. 
  • Software architects 
  • Security CISO, CSO

2. Elect and executive sponsor 

3. Secure stakeholders buy in 

4. Define the company's strategy 
  • Reduce IT costs
  • Leverage open source communities for skills and faster development 
  • Contribute back to open source communities 

5. Risk management 
  • Security 
  • Licence compliance 
  • Operational risk 

6. Scope 
  • What is covered? 
  • Who is covered?

7. Open source software approval process 

8. Audits of source code and processes 

9. Source code maintenance and related service level agreements 

10. Create a draft policy 

11. Get widespread review and acceptance, starting with your stakeholders 

12. Validate 

13. Communication plan 

14. Maintain and evolve  

The open source software policy should be a positive contribution to the organisation and employees should want to be engaged with the policy rather than the process being viewed as placing an unnecessary burden on an individual’s job role due to lack of understanding behind the project.

Open Source Software Development   

Open source software is now broadly used in the development of software applications. The ability to re-use components of code already created allows development teams to create more code, with more functionality, faster. It also promotes the adoption of standards and makes applications more interoperable.   

Although open source software components typically require no licensing fee, it does come at a cost. This cost is uncertainty – or perceived uncertainty in many cases. That is, uncertainty of the ownership structure, of the licensing terms, of the stability of the code. Most software developers will be meticulous about what components they use from the perspective of functionality as they want to build code that works.   

However, those open source software components could have inherent business risks associated with them which should not be solely down to individual developers to be responsible for. Those risks are
  • Legal risk/licence IP compliance – Open source software components licence analysis discovers legal obligations as well as potential intellectual property (IP) risks. 
  • Security vulnerabilities - Uncovers security vulnerabilities contained within Open Source components. 
  • Operational risk - Ensuring Open source software components meet required technical and architectural standards. 
  • Community support – Is there a sustainable community support open source components

Organisations in house developing should have open source software policies that govern how developers use open source software components. One way to address the code risk is a source code review or audit prior to releasing an application. However, there is an increased difficulty and cost applying fixes to deployed embedded devices as are found in IoT devices.   

It is imperative risk monitoring of components is undertaken all the way through the software development cycle. The earlier issues and vulnerabilities are located, the less impact it will have on development and the cost overhead of managing risks as a whole and ultimately on meeting business deadlines. Equate finding licensing irregularities, problematic IP, or potential security vulnerabilities in a software application to finding a bug in a software application. The earlier it is discovered the less expensive and impactful it is to correct.   

An efficient process would include pro-active source code monitoring. This will lead to a more continuous compliance model. In this model there is monitoring of open source software components throughout the development cycle. 

The first stage would be to implement software component package pre-approval which if implemented well should head off issues from a risky component being integrated in an application. This is where a developer must have approval from a designated manager to use a third party open source component in their code.   As stated earlier there would need to be a policy guiding the manager in their decision to accept or reject the request. Typical information that would enable a decision to be made would be

1. Project & package information 
  • Project name, URL, licence, author(s), type, exportability, etc. 

2. Usage model 
  • Distribution model Binary, source, hosted, internal only, etc. 
3. Types of derivatives 
  • Modified, linked, loosely coupled 

4. Organisation specific information 
  • Business unit Business justification 

5. Support and maintenance 
  • What is the community behind the component 
  • How many commits have there been recently

Conclusion   

IoT is about seamless experience of the benefits of connecting the information in our daily lives. This necessarily leads to an IoT comprised varied and powerful hardware and code that should flow in our homes and lives without the end-user worrying about software discovery or identification or control… Yet these controls will necessarily become more challenging due to the diverse nature of IoT elements and the very nature of IoT data interactions.   Also, the very promise of IoT is that we enjoy these benefits without users needing to stop to inspect this maze of technology, register sources or credentials. Indeed, it will not be as easy for us to spot or intervene against vulnerabilities. So we will be much more reliant on others and on new kinds of controls and the good standards, policies, process, procedure and proven methods covered above.   

We must conclude, with IoT bringing fresh asset management challenges there is a pressing need to apply these good controls from the ground up and a tangible value add for both industry and users. Fortunately, we do have at the ready extensive toolkits, resources and valuable proven methods as we’ve shown. Many are quite suited to be reapplied to the new world of IoT and achieve for us all a high level of confidence in end-to-end security and compliance.   

If we draw on these lessons our IoT, even with all its fluid new embedded ecosystems, can bring within it the effective controls needed for well-protected interactions and trustworthy operation.

About the Author:


David Phillips - BSI Panel Chair – IST15/09 – International Standards for IT Asset Management.

_____________________________________________________________________

This work is originally published at Linkedin Pulse under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
Name

-51,1,3D Technology,2,5G,9,Abkhazia,2,Academics,10,Accidents,20,Activism,1,Adani Group,4,ADB,12,ADIZ,1,Adults,1,Advertising,31,Advisory,2,Aerial Reconnaissance,13,Aerial Warfare,35,Aerospace,5,Afghanistan,88,Africa,111,Agile Methodology,2,Agriculture,20,AI Policy,1,Air Crash,10,Air Defence Identification Zone,1,Air Defense,6,Air Force,29,Air Pollution,1,Airbus,5,Aircraft Carriers,5,Aircraft Systems,5,Al Nusra,1,Al Qaida,4,Al Shabab,1,Alaska,1,ALBA,1,Albania,2,Algeria,3,Alibaba,1,American History,4,AmritaJash,10,Antarctic,1,Antarctica,1,Anthropology,7,Anti Narcotics,12,Anti Tank,1,Anti-Corruption,4,Anti-dumping,1,Anti-Piracy,2,Anti-Submarine,1,Anti-Terrorism Legislation,1,Antitrust,2,APEC,1,Apple,2,Applied Sciences,2,AQAP,2,Arab League,3,Architecture,2,Arctic,6,Argentina,7,Armenia,30,Army,3,Art,3,Artificial Intelligence,81,Artillery,2,Arunachal Pradesh,2,ASEAN,12,Asia,70,Asia Pacific,23,Assassination,2,Asset Management,1,Astrophysics,2,ATGM,1,Atmospheric Science,1,Atomic.Atom,1,Augmented Reality,7,Australia,56,Austria,1,Automation,13,Automotive,129,Autonomous Flight,2,Autonomous Vehicle,3,Aviation,63,AWACS,2,Awards,17,Azerbaijan,16,Azeri,1,B2B,1,Bahrain,9,Balance of Payments,2,Balance of Trade,3,Balkan,10,Balochistan,2,Baltic,3,Baluchistan,8,Bangladesh,28,Banking,52,Bankruptcy,2,Basel,1,Bashar Al Asad,1,Battery Technology,2,Bay of Bengal,5,BBC,2,Beijing,1,Belarus,3,Belgium,1,Belt Road Initiative,3,Beto O'Rourke,1,BFSI,1,Bhutan,13,Big Data,30,Big Tech,1,Bilateral Cooperation,19,BIMSTEC,1,Biography,1,Biotechnology,3,Birth,1,BISA,1,Bitcoin,9,Black Lives Matter,1,Black Money,3,Black Sea,2,Blockchain,32,Blood Diamonds,1,Bloomberg,1,Boeing,21,Boko Haram,7,Bolivia,6,Bomb,3,Bond Market,2,Book,11,Book Review,24,Border Conflicts,11,Border Control and Surveillance,7,Bosnia,1,Brand Management,14,Brazil,104,Brexit,22,BRI,5,BRICS,20,British,3,Broadcasting,16,Brunei,3,Brussels,1,Buddhism,1,Budget,4,Build Back Better,1,Bulgaria,1,Burma,2,Business & Economy,1191,C-UAS,1,California,5,Call for Proposals,1,Cambodia,7,Cameroon,1,Canada,54,Canadian Security Intelligence Service (CSIS),1,Carbon Economy,9,CAREC,1,Caribbean,9,CARICOM,1,Caspian Sea,2,Catalan,3,Catholic Church,1,Caucasus,9,CBRN,1,Cement,1,Central African Republic,1,Central Asia,81,Central Asian,3,Central Eastern Europe,47,Certification,1,Chad,2,Chanakya,1,Charity,2,Chatbots,2,Chemicals,7,Child Labor,1,Child Marriage,1,Children,4,Chile,10,China,575,Christianity,1,CIA,1,CIS,5,Citizenship,2,Civil Engineering,2,Civil Liberties,5,Civil Rights,2,Civil Society,5,Civil Unrest,1,Civilization,1,Clean Energy,5,Climate,66,Climate Change,22,Climate Finance,2,Clinical Research,3,Clinton,1,Cloud Computing,44,Coal,6,Coast Guard,3,Cocoa,1,Cognitive Computing,12,Cold War,5,Colombia,15,Commodities,4,Communication,11,Communism,3,Compliance,1,Computers,40,Computing,1,Conferences,1,Conflict,106,Conflict Diamonds,1,Conflict Resolution,48,Conflict Resources,1,Congo,1,Construction,5,Consumer Behavior,4,Consumer Price Index,4,COP26,4,COP28,1,Copper,2,Coronavirus,107,Corporate Communication,1,Corporate Governance,4,Corporate Social Responsibility,4,Corruption,4,Costa Rica,2,Counter Intelligence,15,Counter Terrorism,81,COVID,9,COVID Vaccine,6,CPEC,8,CPG,3,Credit,2,Credit Rating,1,Credit Score,1,Crimea,4,CRM,1,Croatia,2,Crypto Currency,16,Cryptography,1,CSTO,1,Cuba,7,Culture,5,Currency,8,Customer Relationship Management,1,Cyber Attack,7,Cyber Crime,2,Cyber Security & Warfare,115,Cybernetics,5,Cyberwarfare,16,Cyclone,1,Cyprus,5,Czech Republic,3,DACA,1,DARPA,3,Data,9,Data Analytics,36,Data Center,2,Data Science,2,Database,3,Daughter.Leslee,1,Davos,1,DEA,1,DeBeers,1,Debt,12,Decision Support System,5,Defense,12,Defense Deals,8,Deforestation,2,Deloitte,1,Democracy,21,Democrats,2,Demographic Studies,1,Demonetization,6,Denmark. F-35,1,Denuclearization,1,Diamonds,1,Digital,39,Digital Currency,1,Digital Economy,10,Digital Marketing,6,Digital Transformation,11,Diplomacy,14,Diplomatic Row,2,Disaster Management,4,Disinformation,2,Diversity & Inclusion,1,Djibouti,2,Documentary,3,Doklam,2,Dokolam,1,Dominica,2,Donald Trump,46,Donetsk,2,Dossier,2,Drones,14,E-Government,2,E-International Relations,1,Earning Reports,3,Earth Science,1,Earthquake,7,East Africa,2,East China Sea,9,eBook,1,ECB,1,eCommerce,11,Econometrics,2,Economic Justice,1,Economics,43,Economy,107,ECOWAS,2,Ecuador,3,Edge Computing,2,Editor's Opinion,49,Education,65,EFTA,1,Egypt,27,Election Disinformation,1,Elections,40,Electric Vehicle,14,Electricity,7,Electronics,8,Emerging Markets,1,Employment,19,Energy,316,Energy Policy,28,Energy Politics,27,Engineering,24,England,2,Enterprise Software Solutions,8,Entrepreneurship,15,Environment,47,ePayments,13,Epidemic,6,ESA,1,Ethiopia,3,Eulogy,4,Eurasia,3,Euro,6,Europe,13,European Union,229,EuroZone,5,Exchange-traded Funds,1,Exclusive,2,Exhibitions,2,Explosives,1,Export Import,6,F-35,6,Facebook,9,Fake News,3,Fallen,1,FARC,2,Farnborough. United Kingdom,2,FATF,1,FDI,5,Featured,1350,Federal Reserve,2,Fidel Castro,1,FIFA World Cup,1,Fiji,1,Finance,18,Financial Markets,58,Financial Planning,1,Financial Statement,2,Finland,5,Fintech,14,Fiscal Policy,14,Fishery,3,Five Eyes,1,Food Security,27,Forces,1,Forecasting,2,Foreign Policy,13,Forex,4,France,33,Free Market,1,Free Syrian Army,4,Free Trade Agreement,1,Freedom,3,Freedom of Press,1,Freedom of Speech,2,Frigate,1,FTC,1,Fujairah,97,Fund Management,1,Funding,22,Future,1,G20,10,G24,1,G7,4,Gaddafi,1,Gambia,2,Gaming,1,Garissa Attack,1,Gas Price,23,GATT,1,Gaza,13,GCC,11,GDP,13,GDPR,1,Gender Studies,2,Geneal Management,1,General Management,1,Generative AI,7,Genetics,1,Geo Politics,105,Geography,2,Geoint,14,Geopolitics,8,Georgia,11,Georgian,1,geospatial,9,Geothermal,2,Germany,67,Ghana,3,Gibratar,1,Gig economy,1,Global Perception,1,Global Trade,95,Global Warming,1,Global Water Crisis,11,Globalization,3,Gold,2,Google,20,Gorkhaland,1,Government,128,Government Analytics,1,GPS,1,Greater Asia,169,Greece,13,Green Bonds,1,Green Energy,3,Greenland,1,Gross Domestic Product,1,GST,1,Gujarat,6,Gulf of Tonkin,1,Gun Control,4,Hacking,4,Haiti,2,Hamas,10,Hasan,1,Health,8,Healthcare,72,Heatwave,1,Helicopter,12,Heliport,1,Hezbollah,3,High Altitude Warfare,1,High Speed Railway System,1,Hillary 2016,1,Hillary Clinton,1,Himalaya,1,Hinduism,2,Hindutva,4,History,10,Home Security,1,Honduras,2,Hong Kong,7,Horn of Africa,5,Housing,16,Houthi,12,Howitzer,1,Human Development,32,Human Resource Management,5,Human Rights,6,Humanitarian,3,Hungary,3,Hunger,3,Hydrocarbon,3,Hydrogen,4,IAEA,2,ICBM,1,Iceland,2,ICO,1,Identification,2,IDF,1,Imaging,2,IMEEC,2,IMF,76,Immigration,19,Impeachment,1,Imran Khan,1,Independent Media,72,India,653,India's,1,Indian Air Force,19,Indian Army,7,Indian Nationalism,1,Indian Navy,27,Indian Ocean,24,Indices,1,Indigenous rights,1,Indo-Pacific,4,Indonesia,19,IndraStra,1,Industrial Accidents,3,Industrial Automation,2,Industrial Safety,4,Inflation,10,Infographic,1,Information Leaks,1,Infrastructure,3,Innovations,22,Insider Trading,1,Insurance,3,Intellectual Property,3,Intelligence,5,Intelligence Analysis,8,Interest Rate,3,International Business,13,International Law,11,International Relations,9,Internet,53,Internet of Things,34,Interview,8,Intra-Government,5,Investigative Journalism,4,Investment,32,Investor Relations,1,iPhone,1,IPO,4,Iran,202,Iraq,54,IRGC,1,Iron & Steel,4,ISAF,1,ISIL,9,ISIS,33,Islam,12,Islamic Banking,1,Islamic State,86,Israel,142,ISRO,1,IT ITeS,136,Italy,10,Ivory Coast,1,Jabhat al-Nusra,1,Jack Ma,1,Jamaica,3,Japan,88,JASDF,1,Jihad,1,JMSDF,1,Joe Biden,6,Joint Strike Fighter,5,Jordan,7,Journalism,6,Judicial,4,Justice System,3,Kanchin,1,Kashmir,8,Kaspersky,1,Kazakhstan,25,Kenya,5,Khalistan,2,Kiev,1,Kindle,700,Knowledge Management,4,Korean Conflict,1,Kosovo,2,Kubernetes,1,Kurdistan,8,Kurds,10,Kuwait,7,Kyrgyzstan,9,Labor Laws,10,Labor Market,4,Land Reforms,3,Land Warfare,21,Languages,1,Laos,2,Large language models,1,Laser Defense Systems,1,Latin America,80,Law,6,Leadership,3,Lebanon,10,Legal,11,LGBTQ,2,Li Keqiang,1,Liberalism,1,Library Science,1,Libya,14,Liechtenstein,1,Lifestyle,1,Light Battle Tank,1,Linkedin,1,Littoral Warfare,2,Livelihood,3,Loans,9,Lockdown,1,Lone Wolf Attacks,2,Lugansk,2,Macedonia,1,Machine Learning,7,Madagascar,1,Mahmoud,1,Main Battle Tank,3,Malaysia,12,Maldives,13,Mali,7,Malware,2,Management Consulting,6,Manpower,1,Manto,1,Manufacturing,15,Marijuana,1,Marine Engineering,3,Maritime,50,Market Research,2,Marketing,38,Mars,2,Martech,10,Mass Media,29,Mass Shooting,1,Material Science,2,Mauritania,1,Mauritius,2,MDGs,1,Mechatronics,2,Media War,1,MediaWiki,1,Medicare,1,Mediterranean,12,MENA,6,Mental Health,4,Mercosur,2,Mergers and Acquisitions,18,Meta,2,Metadata,2,Metals,3,Mexico,13,Micro-finance,4,Microsoft,12,Migration,19,Mike Pence,1,Military,110,Military Exercise,10,Military-Industrial Complex,3,Mining,15,Missile Launching Facilities,6,Missile Systems,56,Mobile Apps,3,Mobile Communications,11,Mobility,4,Modi,8,Moldova,1,Monaco,1,Monetary Policy,6,Money Market,2,Mongolia,11,Monkeypox,1,Monsoon,1,Montreux Convention,1,Moon,4,Morocco,2,Morsi,1,Mortgage,3,Moscow,2,Motivation,1,Mozambique,1,Mubarak,1,Multilateralism,2,Mumbai,1,Muslim Brotherhood,2,Mutual Funds,1,Myanmar,30,NAFTA,3,NAM,2,Namibia,1,Nanotechnology,4,Narendra Modi,2,NASA,13,National Identification Card,1,National Security,5,Nationalism,2,NATO,33,Natural Disasters,14,Natural Gas,33,Natural Language Processing,1,Nauru,1,Naval Base,5,Naval Engineering,23,Naval Intelligence,2,Naval Postgraduate School,2,Naval Warfare,50,Navigation,2,Navy,23,NBC Warfare,2,NDC,1,Nearshoring,1,Negotiations,2,Nepal,12,Netflix,1,Neurosciences,7,New Delhi,4,New Normal,1,New York,5,New Zealand,7,News,1244,News Publishers,1,Newspaper,1,NFT,1,NGO,1,Nicaragua,1,Niger,3,Nigeria,10,Nikki Haley,1,Nirbhaya,1,Non Aligned Movement,1,Non Government Organization,4,Nonproliferation,2,North Africa,23,North America,53,North Korea,58,Norway,5,NSA,1,NSG,2,Nuclear,41,Nuclear Agreement,32,Nuclear Doctrine,2,Nuclear Energy,4,Nuclear Fussion,1,Nuclear Propulsion,2,Nuclear Security,47,Nuclear Submarine,1,NYSE,1,Obama,3,ObamaCare,2,OBOR,15,Ocean Engineering,1,Oceania,2,OECD,5,OFID,5,Oil & Gas,382,Oil Gas,7,Oil Price,73,Olympics,2,Oman,25,Omicron,1,Oncology,1,Online Education,5,Online Reputation Management,1,OPEC,129,Open Access,1,Open Journal Systems,1,Open Letter,1,Open Source,4,OpenAI,2,Operation Unified Protector,1,Operational Research,4,Opinion,685,Opinon Poll,1,Optical Communications,1,Pacific,5,Pakistan,181,Pakistan Air Force,3,Pakistan Army,1,Pakistan Navy,3,Palestine,24,Palm Oil,1,Pandemic,84,Papal,1,Paper,3,Papers,110,Papua New Guinea,2,Paracels,1,Partition,1,Partnership,1,Party Congress,1,Passport,1,Patents,2,PATRIOT Act,1,Peace Deal,6,Peacekeeping Mission,1,Pension,1,People Management,1,Persian Gulf,19,Peru,5,Petrochemicals,1,Petroleum,19,Pharmaceuticals,14,Philippines,17,Philosophy,2,Photos,3,Physics,1,Pipelines,5,PLA,2,PLAN,4,Plastic Industry,2,Poland,8,Polar,1,Policing,1,Policy,8,Policy Brief,6,Political Studies,1,Politics,52,Polynesia,3,Pope,1,Population,6,Portugal,1,Poverty,8,Power Transmission,6,President APJ Abdul Kalam,2,Presidential Election,30,Press Release,158,Prison System,1,Privacy,18,Private Equity,2,Private Military Contractors,2,Privatization,1,Programming,1,Project Management,4,Propaganda,5,Protests,11,Psychology,3,Public Policy,55,Public Relations,1,Public Safety,7,Publications,1,Publishing,7,Purchasing Managers' Index,1,Putin,7,Q&A,1,Qatar,114,QC/QA,1,Qods Force,1,Quad,1,Quantum Computing,3,Quantum Physics,4,Quarter Results,2,Racial Justice,2,RADAR,2,Rahul Guhathakurta,4,Railway,9,Raj,1,Ranking,4,Rape,1,RBI,1,RCEP,2,Real Estate,6,Recall,4,Recession,2,Red Sea,4,Referendum,5,Reforms,18,Refugee,23,Regional,4,Regulations,2,Rehabilitation,1,Religion & Spirituality,9,Renewable,17,Report,4,Reports,46,Repository,1,Republicans,3,Rescue Operation,1,Research,5,Research and Development,24,Restructuring,1,Retail,36,Revenue Management,1,Rice,1,Risk Management,5,Robotics,8,Rohingya,5,Romania,2,Royal Canadian Air Force,1,Rupee,1,Russia,310,Russian Navy,5,Saab,1,Saadat,1,SAARC,6,Safety,1,SAFTA,1,SAM,2,Samoa,1,Sanctions,5,SAR,1,SAT,1,Satellite,14,Saudi Arabia,129,Scandinavia,6,Science & Technology,392,Science Fiction,1,SCO,5,Scotland,6,Scud Missile,1,Sea Lanes of Communications,4,SEBI,3,Securities,2,Security,6,Semiconductor,18,Senate,4,Senegal,1,SEO,5,Serbia,4,Services Sector,1,Seychelles,2,SEZ,1,Shadow Bank,1,Shale Gas,4,Shanghai,1,Sharjah,12,Shia,6,Shinzo Abe,1,Shipping,9,Shutdown,2,Siachen,1,Sierra Leone,1,Signal Intelligence,1,Sikkim,5,Silicon Valley,1,Silk Route,6,Simulations,2,Sinai,1,Singapore,16,Situational Awareness,20,Small Modular Nuclear Reactors,1,Smart Cities,7,Social Media,1,Social Media Intelligence,40,Social Policy,40,Social Science,1,Social Security,1,Socialism,1,Soft Power,1,Software,7,Solar Energy,14,Somalia,5,South Africa,20,South America,46,South Asia,467,South China Sea,35,South East Asia,74,South Korea,57,South Sudan,4,Sovereign Wealth Funds,1,Soviet,2,Soviet Union,9,Space,46,Space Station,2,Spain,9,Special Forces,1,Sports,3,Sports Diplomacy,1,Spratlys,1,Sri Lanka,23,Stablecoin,1,Stamps,1,Startups,43,State of the Union,1,STEM,1,Stephen Harper,1,Stock Markets,23,Storm,2,Strategy Games,5,Strike,1,Sub-Sahara,3,Submarine,16,Sudan,5,Sunni,6,Super computing,1,Supply Chain Management,47,Surveillance,13,Survey,5,Sustainable Development,18,Swami Vivekananda,1,Sweden,4,Switzerland,6,Syria,112,Taiwan,30,Tajikistan,12,Taliban,17,Tamar Gas Fields,1,Tamil,1,Tanzania,4,Tariff,4,Tata,3,Taxation,25,Tech Fest,1,Technology,13,Tel-Aviv,1,Telecom,24,Telematics,1,Territorial Disputes,1,Terrorism,77,Testing,2,Texas,3,Thailand,11,The Middle East,648,Think Tank,316,Tibet,3,TikTok,1,Tobacco,1,Tonga,1,Total Quality Management,2,Town Planning,2,TPP,2,Trade Agreements,14,Trade War,10,Trademarks,1,Trainging and Development,1,Transcaucasus,19,Transcript,4,Transpacific,2,Transportation,47,Travel and Tourism,13,Tsar,1,Tunisia,7,Turkey,74,Turkmenistan,10,U.S. Air Force,3,U.S. Dollar,2,UAE,139,UAV,23,UCAV,1,Udwains,1,Uganda,1,Ukraine,109,Ukraine War,21,Ummah,1,UNCLOS,7,Unemployment,1,UNESCO,1,UNHCR,1,UNIDO,2,United Kingdom,82,United Nations,28,United States,750,University and Colleges,4,Uranium,2,Urban Planning,10,US Army,12,US Army Aviation,1,US Congress,1,US FDA,1,US Navy,18,US Postal Service,1,US Senate,1,US Space Force,2,USA,16,USAF,21,USV,1,UUV,1,Uyghur,3,Uzbekistan,13,Valuation,1,Vatican,3,Vedant,1,Venezuela,19,Venture Capital,4,Vibrant Gujarat,1,Victim,1,Videogames,1,Vietnam,24,Virtual Reality,7,Vision 2030,1,VPN,1,Wahhabism,3,War,1,War Games,1,Warfare,1,Water,17,Water Politics,7,Weapons,11,Wearable,2,Weather,2,Webinar,1,WeChat,1,WEF,3,Welfare,1,West,2,West Africa,19,West Bengal,2,Western Sahara,2,White House,1,Whitepaper,2,WHO,3,Wholesale Price Index,1,Wikileaks,1,Wikipedia,2,Wildfire,1,Wildlife,3,Wind Energy,1,Windows,1,Wireless Security,1,Wisconsin,1,Women,10,Women's Right,11,Workers Union,1,Workshop,1,World Bank,34,World Economy,32,World Peace,10,World War I,1,World War II,3,WTO,6,Wyoming,1,Xi Jinping,9,Xinjiang,2,Yemen,27,Yevgeny Prigozhin,1,Zbigniew Brzezinski,1,Zimbabwe,2,
ltr
item
IndraStra Global: IT | Supply Chain Security and Compliance for Embedded Devices & IoT
IT | Supply Chain Security and Compliance for Embedded Devices & IoT
The subject of this article: the scale of our dependency on buried computing assets – both the devices and the code we take for granted – will soon reach new dimensions. Can we keep control?
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCDmB1Y8jo5BM2S3gZWYDm57mUa4Z-SsfswZFz2Bp_F5QCdBudgliWK9F9F9dDA8Ijpt_DYX4GY_QJmnJtt55uYwYkw4MYysMVDH7Qb0QqV-Ayny3KMBUjOl8C4LOxJSxRJ3URI0QBmRgr/s640/4324416999_1a685b93c4_b.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCDmB1Y8jo5BM2S3gZWYDm57mUa4Z-SsfswZFz2Bp_F5QCdBudgliWK9F9F9dDA8Ijpt_DYX4GY_QJmnJtt55uYwYkw4MYysMVDH7Qb0QqV-Ayny3KMBUjOl8C4LOxJSxRJ3URI0QBmRgr/s72-c/4324416999_1a685b93c4_b.jpg
IndraStra Global
https://www.indrastra.com/2016/06/IT-Supply-Chain-Security-and-Compliance-for-Embedded-Devices-IoT-002-06-2016-0041.html
https://www.indrastra.com/
https://www.indrastra.com/
https://www.indrastra.com/2016/06/IT-Supply-Chain-Security-and-Compliance-for-Embedded-Devices-IoT-002-06-2016-0041.html
true
1461303524738926686
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content