Dell scare highlights deficiency in cyber supply chain management

Dell’s recent warning to customers about the possibility of malicious software on some of its server motherboards highlights an important but unknown concept called cyber supply chain assurance according to Jon Olstik, writing in Network World. 

Dell recently warned customers that "a small number" of its PowerEdge R410 server motherboards may contain malicious software. "The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware," according to post on a Dell software forum. "This malware code has been detected on the embedded server management firmware."

Ostik maintains that outside of the defence community, cyber supply chain risk management is nearly invisible. “Servers, software, and other IT equipment is made up of millions of lines of code, a potpourri of components, and hundreds or even thousands of specialized electronic gear. If any one of these elements is compromised, we could have a ticking time bomb. Malware on a server motherboard is just the beginning,” he states.

Read more here