I've been thinking lately about how collaboration can work for the IT industry as we strive to address security. Cisco's supply chain security capability focuses on three key exposures: taint, counterfeit and misuse of intellectual property.
Specifically, I've been thinking about how we might detect and mitigate against counterfeit ASICs. I have a hunch that working with the semiconductor industry, we can achieve this goal.
Below is a short video I recorded recently on the topic.
If we could ensure that all electronic chips have unique identities (as many of our semiconductor partners already have in place), we can surely leverage them to tackle counterfeit. Together, we could create an electronic chip ID registry, which OEMs like Cisco -who use those chips, could access. The ID information could be controlled with role-based access and OEMs could then begin to create a methodology to determine if an ASIC is genuine or not.
We could do this at the time of acquisition of the ASIC, before it's been put on a printed circuit board. In this way, we'll have stopped counterfeit early on in the manufacturing supply chain for hardware devices. Another way that this approach is helpful is that after the fact, we will have a list of which ID was used. When equipment comes back from service or is upgraded, we can detect electronic chip ID aberrations.
This can only happen if we all collaborate. So, I'd like to challenge all of us in the industry to come together in partnership to think about security. The supply chain is an ecosystem, and together we can succeed for our collective customers. Cisco is leading the way in terms of how we can serve our customers and our partners in the supply chain to achieve this critical goal, and I hope you'll join us.
I wrote about this topic in more depth in a recent article forSC Magazine, which you can read here. Are you ready to band together for better supply chain security? Please share your thoughts in the comment section below.