The 2020 SolarWinds hack was a turning point in the cybersecurity world. While software supply chain attacks have occurred in the past with varying degrees of severity and scope, this most recent incident has been highly visible and wide-ranging. The attack impacted government agencies, high profile companies, hospitals, universities, and private corporations, with hackers gaining access to over 20,000 clients. The extent of the damage is still not entirely known, and cleanup is projected to cost as much as $100 billion. The attack laid bare the vulnerability of software supply chains and clearly demonstrated the urgency of securing them.
As part of a response to this insidious threat, BlackBerry and Deloitte have announced a joint project to assist original equipment manufacturers (OEMs) and mission-critical applications developers with securing their Internet of Things (IoT) software supply chains.
In an effort to protect clients in the medical, automotive, and aerospace industries, Deloitte plans to make use of Blackberry’s industry-leading software analysis tool BlackBerry Jarvis to provide analysis of Open-source Software, Common Vulnerabilities and Exposures, and Software Bill of Materials on clients’ behalf.
BlackBerry Jarvis is designed to assist OEMs in inspecting the provenance of their software code, as well as every software asset that enters their supply chains, to ensure products are secure and kept up to date with recent security patches. The platform works to rapidly identify and provide actionable insights in a fraction of the time and cost it would take for humans to manually review source code. The joint software and services project has already been selected by a G7 Transportation Ministry to review and secure its traffic management and transportation infrastructure.
“Deloitte is very excited to partner with BlackBerry. Our already productive relationship will focus on key mobility and other market opportunities. We’re confident that BlackBerry’s deep security heritage and expertise complimented by Deloitte’s world leading Risk Advisory teams will create a compelling value proposition for new and existing clients,” said Deloitte’s director of IoT and cyber solutions, Stephen Meagher.
With the need to scrutinize and secure software supply chains being of critical importance, and the stakes growing ever higher, the new offering comes at a crucial time for businesses determined to strengthen their cybersecurity posture and offer their customers greater protection.