The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
The Bloomberg report — detailing a potentially catastrophic infiltration of global supply chains — hit the security world with a big bang.
Amazon and Apple strongly denounced Bloomberg’s reporting.
Amazon stated, “At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems.”
In Apple’s statement, one sentence struck me as both critical and unusually honest (my emphasis): “We know that security is an endless race and that’s why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.”
Why is this point important?
Because Apple cannot win — or even finish — an endless race. Hackers have to be right or lucky once. They see the finish line.
Apple has to be right, precise, diligent, and proactive every second of every day. That’s impossible, so if Apple is right 99% of the time, consumers will remain vulnerable.
As I wrote in January, You Are Not Safe.
Once people acknowledge this central truth, they can develop mechanisms to deal with its consequences. These mechanisms can include changes in policies, personal behavior, and company-to-consumer relationships.
As too many people have experienced, individuals cannot outsource digital security.
The only way to end the race is to change the rules.