Episode 14:

Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain w/ Trey Herr & Stewart Scott

On this episode of What Lies Beneath?, we talk with Trey Herr & Stewart Scott, co-authors of the recent Atlantic Council report, “Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain.”

For too long, when people have talked about supply chain security, the focus has been entirely on the physical hardware. Where is the physical box? What chips make up that box? Who built it? Where does it live? But the digital supply chain needs attention too.

Attacks against the digital supply chain can impact nearly any company, but defense organizations are particularly susceptible to these kinds of attacks. But why is that? Is it similar to the reasons we see for other kinds of supply chain attacks?

Trey & Stewart spend the better part of this episode talking us through their report and highlighting, among other things:

  • Why digital supply chain security is so crucial
  • Why defense organizations are especially vulnerable to these attacks
  • Untrusted technology, specifically in the 5G space
  • Why you can’t talk about 5G security without accounting for software security

You can access the Atlantic Council paper here!

Listen & Subscribe!

To learn more, check out the podcast above, or on Stitcher, Apple Podcasts, Google Play, Spotify, or wherever you listen to podcasts. If you like what you hear, please rate and review the show, or share it with a friend! New episodes air every other Tuesday.

To learn more about how Interos can help you with Section 889 Part B compliance, visit Interos.ai.


Guest Bio

Dr. Andrea Little Limbago: Andrea Little Limbago is a computational social scientist specializing in the intersection of technology, national security, and society. As the Vice President of Research and Analysis at Interos, Andrea leads the company’s research and analytic work regarding global supply chain risk with a focus on governance, cyber, economic, and geopolitical factors. She also oversees community engagement and research partnerships with universities and think tanks and is a frequent contributor to program committees and mentorship and career coaching programs. She has presented extensively at a range of academic, government, and industry conferences such as RSA, SOCOM’s Global Synch, BSidesLV, SXSW, and Enigma. Her writing has been featured in numerous outlets, including Politico, the Hill, Business Insider, War on the Rocks, and Forbes. Andrea is also a Senior Fellow and Program Director for the Cyber and Emerging Technologies Law and Policy Program at the National Security Institute at George Mason and a Fellow at the Atlantic Council’s GeoTech Center. She is an industry advisory board member for the data science program at George Washington University, and is a board member for the Washington, DC chapter of Women in Security and Privacy (WISP). She previously was the Chief Social Scientist at Virtru and Endgame. Prior to that, Andrea taught in academia and was a technical lead at the Joint Warfare Analysis Center, where she earned the Command’s top award for technical excellence. Andrea earned a PhD in Political Science from the University of Colorado at Boulder and a BA from Bowdoin College.

Dr. Trey Herr: Dr. Trey Herr is the Director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on the role of the technology industry in geopolitics, cyber conflict, the security of the internet, cyber safety, and growing a more capable cybersecurity policy workforce. Previously, he was a Senior Security Strategist with Microsoft handling cloud computing and supply chain security policy as well as a fellow with the Belfer Cybersecurity Project at Harvard Kennedy School and a non-resident fellow with the Hoover Institution at Stanford University. He holds a PhD in Political Science and BS in Musical Theatre and Political Science.

Stewart Scott: Stewart Scott is a program assistant with the Atlantic Council’s GeoTech Center. In this role, he manages a wide range of projects at the intersection of emerging technologies and dynamic geopolitical landscapes. He also conducts research and provides written analysis for publication on Atlantic Council platforms and works on joint projects with other centers in the Atlantic Council.

Stewart earned his B.A. from Princeton University at the School of Public and International Affairs along with a minor in Computer Science. His course of study centered on misinformation, social media policy, online extremism, journalism, and American political and economic history. He joined the Atlantic Council after interning with its Cyber Statecraft Initiative in the Scowcroft Center for Strategy and Security.