Our next RAD Lab talk is on 11th June, 4-5pm, in the Neil MacCormick Room, Old College, University of Edinburgh, by Mattis van ’t Schip, Radboud University.

Title: Supply Chain Cybersecurity and the Law — Tackling the Modern Trojan Horse

Abstract: In this presentation, I would like to give you an overview of my ongoing PhD project on supply chain cybersecurity and the IoT in the context of EU privacy and cybersecurity regulation. In the past few years, cybersecurity experts have identified a new phenomenon: supply chain cybersecurity attacks. In these attacks, threat actors exploit systems so that they can subsequently infiltrate a much larger target. Several pieces of open-source software have seen contributors work for many years to gain trust which they then violate by implementing backdoors in the software. In a way, these supply chain attacks are a modern Trojan horse. This threat is amplified by the supply chain of modern digital products, which can consist of thousands of hardware and software suppliers.
EU legislators have also identified this threat and have started to respond. Recent legislation includes supply chain cybersecurity requirements for entities operating in critical sectors (e.g., hospitals) and financial entities. Is this approach sufficient, and, if not, how should (European) regulation respond?