You can have it fast, cheap, or secure — pick any two.
It seems to be possible as long as “secure” isn’t one of your choices.
“Our IT industry is inexorably international, and anyone involved in the process can subvert the security of the end product,” Schneier wrote.
We don’t often hear about intentional efforts to subvert the security of the technology supply chain simply because these incidents tend to get quickly classified by the military when they are discovered.
Indeed, noted security expert Bruce Schneier calls supply-chain security “an insurmountably hard problem.”
Supply chain challenges definitely fit into category “things I can’t change“.