Here’s a painful reality of cybersecurity: When you harden one attack surface, adversaries just move on to softer targets. As a result, we’ve seen a growing number of attempts exploiting vulnerabilities at the device level, which were once considered rare due to the technical skills needed to execute these kinds of attacks. According to a 2023 survey of global ITDMs conducted by Futurum Group, 69% of organizations report a hardware or firmware level attack. That’s up 1.5X since the 2020 study!

Dell Technologies was actually one of eight technology vendors that participated in developing the example with Secured Component Verification (SCV). Built to the platform attribute certificate standards developed by the Trusted Computing Group (TCG), SCV aligns with the DoD’s recent guidance. It provides a digital certificate that not only contains a list of all internal components, but also ties hardware to a specific manufacturer, model and serial number. With SCV in place, customers have assurance through the platform certificate that components are delivered to them as ordered and per spec. The DoD views Dell’s platform certificate as a critical artifact used as part of an acceptance test that should be performed when the device arrives at an organization’s receiving department.