How Effective Are the Critical Technology Supply Chain Principles by the Australian Government?

BACKGROUND:

The Australian Government has released the Critical Technology Supply Chain Principles this week. Below is commentary from information security experts in response.

Expert Comments

November 16, 2021
Reinhart Hansen
Asia Pacific and Japan CTO
Imperva

In the US, the National Institute of Standards and Technology (NIST) has recognised that many security controls fail to address the challenge of mitigating software supply chain attacks. It determined that only runtime protection prevents these stealthy attacks and recommends Runtime Application Self-Protection (RASP) as a control to respond to emerging threats from the software supply chain. If the Australian Government wants to further mitigate supply chain risk, it should consider adding RASP as a control in existing advice issued by the ACSC such as the Information Security Manual (ISM), the Cyber Supply Chain Risk Management Framework, or the Essential Eight.

 
