Originally published 10/20/2020 by Intel Tech
Author: Tom Garrison, VP & GM of Client Security Strategy & Initiatives
In my September BLOG Introducing Cyber Security Inside, I discussed the Compute Lifecycle Assurance (CLA) and our new Cyber Security Inside podcast. This month, I want to explore supply chain transparency, why it is important, and how Lenovo is securing their supply chain.
Supply Chain Components
Today’s supply chains are increasingly complex, multi-layered, global, and optimized for speed and cost, and attempts to secure the supply chain have been fragmented and narrow. Moving forward, the industry must work together to advance transparency and integrity across the entire lifecycle of the compute platform. Below are the key features Intel had identified for a transparent supply chain:
- Traceability: System and component level traceability linked to Trusted Platform Module (TPM) on the platform.
- Security: Digitally signed statement of conformance for every platform attesting to authenticity of the platform. Increased integrity and authenticity of the supply chain.
- Accountability: Platform certificates provide digital proof of product origin.
- Assurance: Customers can now inject a higher level of proof compared to the current standard.
Supply Chain Transparency
Intel is partnering with companies like Lenovo to drive supply chain transparency which results in a more secure supply chain for the entire industry. Rebecca Achariyakosol, Lenovo Executive Director and PC Services Global Marketing, is our Cyber Security Inside podcast guest for episode #3 Smarter End-to-End Security: How Lenovo is Securing the Supply Chain. She talks about how the supply chain is an area that has traditionally presented vulnerabilities that could be exploited. The window after devices leave the manufacturer and before they reach the end user creates an opening for someone to more easily tamper with PCs, like removing or replacing components, without being detected. Learn how Lenovo is directly addressing this void in the security chain with two services called Transparent Supply Chain and Trusted Device Setup.
If supply chain transparency is something you want to learn more about, visit our Transparent Supply Chain website where you can find additional resources including two technical whitepapers: Supply Chain Security Solutions from Intel and Lenovo and Taking the Cyber Security Mystery Out of the Supply Chain from Intel and Goldman Sachs.