For the digitally secure functioning of Dutch society, it is important that organizations are aware of risks in their supply chain. This certainly applies to public and private organizations that have so-called Protected Interests (TBB) regarding National Security (NV). For these organizations, the AIVD, CIO Rijk, the NCSC and the NCTV have developed the Cybercheck: a guide to help identify potential supply chain risks resulting from the deployment of products and services originating from countries with offensive cyber programs.

An app on a smartphone, the use of surveillance cameras, or routers and switches: in recent years, there has been increasing attention to the risks of products and services from countries with offensive cyber programs directed against Dutch interests. Under legislation, some countries can compel companies and citizens in their country to cooperate, for example by requiring them to build "digital back doors" into their product or service. This allows countries to gain unauthorized access to (parts of) the technical infrastructure of an organization that uses these products or services. If, for example, this leads to an incident at organizations that support vital processes, it affects not only the organization itself, but possibly also the national security of the Netherlands.

Identifying and managing supply chain risks is of great importance for the digitally secure functioning of both organizations and Dutch society. The Cybercheck offers tools to identify whether the use of a particular product or service originating from a country with an offensive cyber program may lead to an increased security risk. If that is the case, then the advice is to perform an additional risk analysis. The Cybercheck also provides tools for this analysis. Using this additional risk analysis, organizations can investigate increased security risks resulting from the deployment of a product or service in a more focused manner.

The Cybercheck is a tool; the guide does not make conclusive statements about whether or not products and services may be deployed. An organization's management is ultimately responsible for making its own decision on whether to deploy the relevant products and services from countries with offensive cyber programs.

Source: National Cyber Security Center
