In the US, the Department of Defense has designated April “Supply Chain Integrity Month”. Hopefully not just on April 1st…
https://www.us-cert.gov/ncas/current-activity/2019/04/01/Supply-Chain-Integrity-Month
Here’s their intro text:
Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware and software presents a serious risk to users’ information and the overall integrity of a network environment.
Here’s my UPDATED version of their intro text:
Breaches in the supply chain provide an opportunity for malicious software, firmware, or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware, firmware, and software presents a serious risk to users’ information and the overall integrity of a network environment.
After reading about half of the documents on their Supply Chain Threats site, I gave up looking for any references to firmware… they all refer to Hardware and Software. 😦
https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-supply-chain-threats