Who’s liable when the vulnerability is in equipment from a third party supplier? Under NIS it’s likely to be you!
The McAfee Labs Advanced Threat Research team has uncovered a zero-day vulnerability in an industrial control system (ICS) used for building management systems including heating, ventilation and air conditioning (HVAC.) The zero-day itself has now been patched, but the questions of who is liable for supply-chain security risk exposure remains. SC Media UK has been getting the answers.