Adding an ‘Anti-Counterfeiting Executive Agent’ Fails to Make 2011 Defense Authorization Bill

The headline last week was that the provision to add a Supply Chain Executive Agent to address counterfeiting was dropped from the Defense Authorization Bill.

This means it is still everyone’s problem . . . and no one person’s.

Sometimes the ‘Good Guys’ Use Malware, Too

This is the first confirmation that the Stuxnet virus completely shut down some nuclear enrichment in Iran.

IEEE Security and Privacy Article: Configuring Secure Processors

At the risk of a bit of ‘vanity blogging’, CPU Tech has just published an article in the IEEE Journal for Security and Privacy. IEEE members can access the article for free, or the abstract and purchase information can be reached at this link.

Intel: Buying their way to Secure

The announcement yesterday that Intel was purchasing security software/hardware/services firm McAfee for $7.68 billion has certainly changed the security landscape. But was it a surprise? Dark Reading seems to think so: “…[this] took many in the security industry by surprise”.

I sincerely doubt that. In addition to the rumors of an HP buyout for some time (which Dark Reading mentions), there is a certain karmic reliability that ‘a company that lives by acquisition, will die by acquisition’ (pardon my paraphrasing of the Book of Matthew). McAfee’s acquisition list in the last two years included companies like MX Logic, and CEO David DeWalt claimed the company would continue to make 3-4 acquisitions per year for growth into the security sector.

NIST Starts to Address Supply Chain with NISTIR 7622

Just last week, the National Institute of Standards (NIST) published the first draft of new guidance on Supply Chain Security for Federal Information Systems. This publication is titled NISTIR 7622: Piloting Supply Chain Risk Management for Federal Information Systems.

‘Widespread Adoption’ is not the same as ‘Standard’ in Chip Security

Security is definitely one of the newest concerns in electronic design and semiconductor manufacturing. The largest monetary incentive to invest in security comes from the threat of counterfeit and faulty components, but there are several incentives that are harder to quantify for businesses.

One vendor of chip security solutions recently announced an ‘initiative’ to promote hardware security solutions. The ‘Hardware Intrinsic Security’ initiative claims to ‘Establish Credibility, Educate, and Reduce Barriers to Adoption’. After visiting their website, you may need to ask yourself: what exactly are they educating people about? And what exactly do they plan to reduce barriers to the adoption of?

US To Reformat Export Control for Military Systems

In front of a group of ‘Business Executives for National Security’, Secretary of Defense Robert Gates proposed an overhaul of the US Export Control system currently in place. The reason: as formatted, it doesn’t do much to protect either national security or our technical intellectual property. (Article as reported by

“The United States is thought to have one of the most stringent export regimes in the world, but stringent is not the same as effective,” Gates said.
