Cyber Supply Chain Security
Introducing compromised devices into an otherwise well secured network is simply setting up a breach from the inside out.
The Cyber Supply Chain includes the integrated set of components (hardware, firmware, software, and processes) that comprise an information or communications system, including the environments in which it is developed or manufactured, tested, deployed, maintained, and retired/decommissioned.
Activities that introduce Cyber Supply Chain risk include insertion of counterfeit components, tampering or altering components, insertion of malicious software, as well as risky system or software development practices. Such risks may lead to information or system compromise.
We offer two services to help resolve this issue:
BorderHawk has developed an Information Risk evaluation process for Information Communication Technology (ICT) vendors or suppliers. Our assessment process forms a meaningful way to establish confidence that an ICT supplier is responsive to your information security requirements. Where there is moderate, low, or no confidence that a supplier is delivering a product that will introduce an unacceptable information risk to the acquirer, that product should always be tested for information risk.
Forensic Assessment & Computer Equipment Testing “FACET”
The FACET process stresses product authenticity, supply chain accountability, and device integrity.
Sampling techniques are used to determine a reasonable testing pool of devices or systems destined for integration into a client’s environment. At the conclusion of testing, or upon discovery of critical situations, findings are reported directly to the client’s cybersecurity or project management teams as desired. Where test findings reveal vulnerabilities that may be immediately remedied by manufacturer’s actions, the BorderHawk FACET Team may work directly with the manufacturer’s engineering staff for mitigation solutions (but only with client’s prior agreement).
Contracting Officer’s Technical Representative (COTR)
- Advise, assist, or manage Third-Party Vendor security requirements
- Assess contractor fulfilment of contractual security requirements
- Assist in Request for Proposal (RFP) or Information (RFI) document development
- Assist in product or service requirements and selection for mitigation or remediation efforts
Outsourcing Options: Virtual CISO, Staff Augmentation
Virtually all information security related regulations require a dedicated individual to provide management oversight for the organization’s Information Security Program. For small to mid-size organizations, this can be a contentious and expensive proposition.
BorderHawk has solved that problem. Currently, we provide several organizations with senior information security leadership experts. Our Virtual CISOs have years of experience assessing, analyzing, designing, and managing information security programs, especially in critical infrastructure environments. Based on the findings of your company’s most recent “gap analysis”, your BorderHawk consultant will set about building a security framework, or updating and maintaining your current program. This will assure a sustainable cyber security program. The BorderHawk team will facilitate efforts to identify appropriate information governance, necessary security awareness training, and architecture best practices. In addition, we research, develop, and implement charters, plans, policies, and procedures necessary to assure success.
BorderHawk’s Virtual CISOs are involved in both full-time and part-time engagements. We recognize that each client has different needs. We are ready and able to create and/or manage a robust information security program. We reach agreement on the level of support required based on the needs of our clients. Our interaction is always very personal but sometimes entirely remote, based on the specific type of support required. With other clients, our Virtual CISOs go onsite as needed, and in some instances that may be one day a week or more: whatever our clients need.
BorderHawk can provide dedicated security professionals to serve as an acting cybersecurity team or to augment your existing team with specific skills in the following areas:
- Program Development: Provide guidance on creating a robust security program
- Program Governance: Write or assist in writing/updating program charters, policies, procedures, guidelines, project plans, job descriptions
- Technical Security Professionals’ Training: Deliver technical employee education and coaching
- Controls Development: Design/facilitate security controls for People, Process, and Technology
- Contracting Officer’s Technical Representative: Assist or manage a security-related contractor; assist in development of requests for proposals/information and remediation product/service selection
Developing a trusted relationship with a technical expert in Computer Security – Information Security – Cyber Security is imperative for today’s attorney. More and more cases hinge on facts involving people, processes, and technology used to process, store, or transmit information. Choices made early in case development are crucial; we want you to be aware of every aspect of the technical facts surrounding your case.
- Pre-Litigation Consultation
- Independent Second Opinions
- Expert Testimony