By Sanjeev Relia, Senior Research Fellow
India is extremely vulnerable to ‘Supply Chain Attacks’. And when a technology giant like Apple gets involved in introducing trapdoors in their hardware, how will we ever cope with this clandestine method of cyber-attacks. Unless a nation has facilities of test labs where such equipment and the software can be checked for spyware, a supply chain malware can never be detected. Countries like India where most of the public as well military hardware and software is ex import, we will remain vulnerable to supply chain attacks. Although National Cyber Security Policy 2013 does talk of undertaking R&D programs by the government for addressing all aspects including development of trustworthy systems, their testing, development and maintenance throughout their life cycle,it is still a farfetched dream.
The UPA government did announce setting up of two fabs where critical electronic components would be manufactured. Even when both these fabs are fully functional, it is unlikely that we will ever be able to sanitize hundred percent hardware and software being used in the country. Hence we will remain vulnerable to supply chain attacks and therefore need to be extra cautious against them. The government needs to work out a comprehensive policy on how to counter this threat.
Read more on what Apple is being accused of: http://www.independent.co.uk/life-style/gadgets-and-tech/apple-has-installed-security-backdoors-on-600-million-ios-devices-claims-security-researcher-9620480.html