This session will focus on how trust chaining can provide assurance in a multi-supplier environment. It will cover what a vendor should require of its suppliers. It will also outline what an asset owner should require from the vendor, and how an asset owner can verify the trustworthiness the vendor claims.
Global supply chains have complicated supply chain assurance. With numerous subsystem suppliers of chips, memory, boards, and software, ensuring the integrity of the system can be difficult. How is a vendor and asset owner to know if what they purchased is authentic? Does it include counterfeit hardware? Have special bits been added by a nation state or other highly skilled and well funded adversary to have the ability to attack the system at a time of their choosing?