Scott Shackelford, Indiana University – Guarding Against the Possible Security Vulnerabilities in our Devices

How do we protect supply chains with many hands in the pie?

Scott Shackelford, assistant professor of business law and ethics at Indiana University, looks into the security technology behind Bitcoin for advice.

Scott J. Shackelford is an associate professor at the Indiana University Kelley School of Business, where he teaches cybersecurity law and policy, sustainability, and international business law. He is a Research Fellow at the Harvard Kennedy School’s Belfer Program on Science and International Affairs, and Director of the Ostrom Workshop Program on Cybersecurity and Internet Governance at Indiana University. He is also an Affiliate Scholar with Stanford’s Center for Internet and Society, a Senior Fellow at the Center for Applied Cybersecurity Research, and a Term Member at the Council on Foreign Relations. Professor Shackelford has written more than 100 books, articles, and essays for diverse outlets including the American Business Law Journal, University of Illinois Law Review, and the Wisconsin Law Review, which have been covered by National Public Radio, The Atlantic Wire, Politico, and Newsweek. He is also the author of Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace (Cambridge University Press, 2014), and has written op-eds for the Christian Science Monitor, Huffington Post, San Francisco Chronicle, and the Washington Times. Both Professor Shackelford’s academic work and teaching have been recognized with numerous awards, including a Hoover Institution National Fellowship, a Notre Dame Institute for Advanced Study Distinguished Fellowship, the 2014 Indiana University Outstanding Junior Faculty Award, and the 2015 Elinor Ostrom Award. Professor Shackelford has presented his research on cybersecurity at diverse forums including universities such as Harvard, Notre Dame, the University of Michigan, University of Texas-Austin, and Stanford, as well as for the Prime Minister and Cabinet Office of the Government of Australia, NATO, and the Harvard Business Review.

Guarding Against the Possible Security Vulnerabilities in our Devices

The hardware at the heart of our devices is flawed.

For too long, too few technology companies have taken proper precautions to protect their supply chains. Products can and have been altered either in the factory and in transit. Compromised circuits leave physical trapdoors, but as with code, most experts cannot easily detect flaws in a computer chip; that’s right, you might never know that your smartphone has been turned into a handy surveillance device.

Supply chains are notoriously tough to secure since so many are global, and complex—Apple’s iPhone, for example, involves hundreds of suppliers from around the world.

Threats in supply chains range from malicious—a 2012 Microsoft report found malware being installed in PCs at factories in China— to benevolent but dangerous flaws resulting from conflicting commercial incentives, such as Lenovo’s 2015 installation of advertising software that weakened system security.

And as the Internet of Everything expands, the problem will likely only get worse.

There is no simple way to overcome this challenge. But one option that has been getting a fair amount of attention lately is by deploying the technological flavor of the month that powers Bitcoin—called blockchain—to better manage supply threats.

Blockchains, which are distributed online ledgers, offer at least three key advantages over existing corporate data processing systems: security, transparency and automation. Still, not even blockchains are completely immune to hacking. But their deployment would still be a major improvement over today’s methods and practices.

For the rest of us, remember to keep your software updated, and be sure enable two-factor authentication for all your accounts. Be proactive, be smart, and beware the ghosts lurking in our machines. Together, we can build a foundation for promoting cyber peace in the burgeoning Internet of Everything.