Re: That includes the firmware.
Pretty sure that your biggest problem is going to be people
So you design everything in such a way that no one is 100% trusted. Which is what I've been saying all along...and was really hoping for a great discussion on how one might go about that.
mentioned earlier that IT knowledge and loyalty-inspiring charm weren't exactly synonymous and we spent subsequent posts proving exactly that. Now you can mitigate that with good working conditions; but that only goes so far.
Where did I claim to have loyalty-inspiring charm? That's a purchasable commodity. A network architect doesn't require it directly. Picard didn't have to deal with children on his ship: he had Riker for that. Etc.
And that goes for parts of the supplier chain you own.
Holy fuck, you're back on that again.
As you said in the article, a project of this type requires leadership and a company-owning leader who pisses people off may quickly end up in a worse position than someone more personable who has never been near the place.
Well, yes and no. You see grown ups don't sabotage their workplaces because they don't like their boss' boss' boss' boss. Good HR can root out most of those who would before they do and good network design can limit access of the hoi polloi, with only the most trusted (and well vetted, well compensated) individuals having deep knowledge of more than their segment of the network and/or access to multiple areas.
In addition, quite frankly, when someone is as obstinate or stubborn as you have been - not to mention unable to read - I'd simply let them go.
A better approach might be to send in a personable member of the team to negotiate a fixed-term contract that includes all the data/diagrams that you need.
Uh, no. That would leave your designs in the hands of someone else and raises all sorts of interesting rights issues. The goal is total control. You can't control what's in peoples' minds, but you can bind them by contract not to disclose and you can expunge their access to any design materials when they are not actively working on a design-related project.
and as a bonus, anyone who is trying to attack you by spiking hardware and the like will have to do it all over again at regular intervals; thus making it more expensive
Wrong. It makes it easier for them to do so, because you've created multiple soft targets that have information about your designs. You're far better to control the supply chain and still design your testing and validation regimen to expect potential compromise. Reduce the risk of compromise at the outset, but test for it anyways.
I put it to you (and this is not a snark, although it absolutely would have been if I'd said it 8 hours ago) that "If you own the folks who make the devices" is the worst possible way of approaching things...you're already inciting revolution (or at least mumbles of "fuck that guy rhubarb, rhubarb, rhubarb") before you've even plugged in your first box.
You're really, really bad with people, aren't you? Funny how it seems to be fairly easy to get qualified, talented, relatively loyal people to work for you if you pay them well and get them to work on projects they enjoy. I don't have problems with "rebellion", and hundreds of millions of other businesses don't have problems with rebellion. There are entire disciplines devoted to how to treat people right to ensure you don't have rebellion. You could also - holy shit - listen to your staff regularly and find out if they feel they need anything.
And there's trust (although this may just be a different name for the people problem). You have testing and monitoring kit; but who wrote it? The software stack it runs on? The hardware? Do you need monitoring software to monitor the original monitoring software? Who writes it? And so on.
As discussed eleventy billion times already, multiple independent teams who are given the design materials and tasked with coming up with independent testing regimens. They are not related to the original design team at all.
This is ground I've been over dozens of times. And you're still obsessed with the kit going into the business as the point of attack. Holy wow, man. Holy fucking wow.
Questions along these lines end up in a recursive loop and your brains running out of your nose.
No, they're really quite straightforward. As a matter of fact there are quite a few very simple bits of game theory that apply here. They even give you the optimal number of independent teams, etc. Verifying supply chain is not hard if you own it. It's really, really not.
For an enterprise of this type, it'd probably be better if you took the Merlin role and appointed someone else to do the King Arthuring.
No, Merlin had to read.
You'd also need someone truly stellar in HR...one of those rare ones who are very good at reading people.
The ability to read English and retain it would be where I'd start. We would then proceed to see how much charisma was required from there...but honestly that skillset is not that difficult. There are entire business schools full of them.