Supply Chain | The Contracting Education Academy

June 6, 2019 By AMK

People are key to securing the defense-industrial supply chain

Infiltrating the defense supply chain is one of the most insidious means by which attackers can compromise our nation’s communications and weapons systems. Successfully targeting a single component of the defense industrial base can cause a ripple effect that can significantly impact everything from data centers to war fighters in theater.

The Department of Defense’s new “Deliver Uncompromised” security initiative is designed to tackle this problem at its root cause: third-party suppliers. In essence, the DoD is requiring its suppliers to bake security into their applications from the beginning of the production process. A “good enough” approach that just clears the bar for minimal security criteria is no longer good enough. Security must be ingrained in the very fabric of the entire production process.

Security starts with people

The process starts with people. They are responsible for ensuring that the solutions that comprise the supply chain work as designed and are inherently secure. They work closely with highly sensitive and proprietary information that is attractive to enterprising hackers. They are the first line of defense.

Unfortunately, those same factors make people the most attractive attack vector. When a malicious actor wants to gain access to a component or system, it’s often easier to just steal someone’s credentials than it is to try and find their way around a firewall. Obtaining a simple password is often enough to gain access to a critical system that can then be compromised, or information that can be exploited.

Keep reading article at: https://www.fifthdomain.com/opinion/2019/05/13/people-are-key-to-securing-the-defense-industrial-supply-chain/

April 29, 2019 By AMK

Why the Navy is giving agencies, industry a much-needed wake-up call on supply chain risks

On page 6 of the Navy’s recent report about its cyber readiness, there is a jaw-dropping confession: “The systems the U.S. relies upon to mobilize, deploy and sustain forces have been extensively targeted by potential adversaries, and compromised to such extent that their reliability is questionable.”

Bill Evanina, director of the National Counterintelligence and Security Center in the Office of the Director of National Intelligence, wants that single sentence in the 80-page report to sink in for a second.

“The Navy’s report on their resilience and reliability is that watershed moment not only for the Department of Defense but for all agencies in the federal government, and I would even proffer in the private sector, to have an honest, internal look at their systems, their data, their capabilities and their protection mechanisms and where they have vulnerabilities and how the threats are manifested in their organizations,” Evanina said after speaking at the Intelligence and National Security Alliance (INSA) event on supply chain management in Arlington, Virginia, on April 1. “I think all agencies should take a hard look and say, ‘What can we do that is similar to this to look at our own processes and protection models?’”

The Navy report serves as a call to arms around the challenges every agency faces from systems under attack to attempts to steal information from its industrial base.

“The DON’s dependency upon the defense industrial base (DIB) presents another large and lucrative source of exploitation for those looking to diminish U.S. military advantage. Key DIB companies, primes, and their suppliers, have been breached and their IP stolen and exploited,” the report states. “These critical supply chains have been compromised in ways and to an extent yet to be fully understood.”

Keep reading article at: https://federalnewsnetwork.com/acquisition/2019/04/navy-giving-agencies-industry-much-needed-wake-up-call-on-supply-chain-risks/

April 19, 2019 By cs

Senate Armed Services Subcommittee on Cybersecurity holds hearing to discuss responsibilities of the industrial base

On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (DoD) cybersecurity policies and regulations have affected the Defense Industrial Base (DIB).

To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General Manager of MITRE’s National Security Sector; John Luddy, Vice President For National Security Policy at the Aerospace Industries Association; Christopher Peters, Chief Executive Officer of the Lucrum Group; and Michael MacKay, the Chief Technology Officer of Progeny Systems Corporation.

In their opening remarks, the Chairman of the Subcommittee, Senator Mike Rounds (R-SD), and Ranking Member, Senator Joe Manchin (D-WV), acknowledged industry concerns about the DoD’s lack of clarity and disparate implementation of cybersecurity regulations, such as guidance relating to DFARS 252.204-7012 (DFARS Cyber Rule or Rule) and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.

Senator Rounds stated that he “expects [DoD] to come up with measured policies to make improvements in [cybersecurity]” and he “hope[s] DoD takes seriously the concerns of the DIB.” He further noted that DoD “cannot simply apply increasingly stringent cybersecurity requirements on its contractors” and that “doing so without subsidy or assistance is unlikely to particularly improve cybersecurity [for] the DIB” and would likely drive the most innovative small businesses out of the supply chain. Senator Rounds called for putting a program in place to ensure the best possible protections for contractors regardless of size and referred to the “Achilles heel” of this issue as the desire to use a large number of small contractors while still needing to protect sensitive government information. Later in the hearing, Senator Manchin expressed great concern over the cyber incidents experienced by DoD contractors and urged the witnesses to “tell [the Subcommittee] what you need . . . [the Subcommittee] is here to fix it and you’re here to tell us what’s broken.”

Keep reading this article at: https://www.insidegovernmentcontracts.com/2019/03/senate-armed-services-subcommittee-on-cybersecurity-holds-hearing-to-discuss-the-responsibilities-of-the-defense-industrial-base/

November 20, 2018 By cs

Supply chain task force looks to keep ‘lemons’ out of the federal IT ecosystem

The Department of Homeland Security announced the roll out of its supply chain security task force on Information and Communications Technology.

At a Nov. 1 meeting of the Information Security and Privacy Advisory Board, a DHS official provided more details on the group’s composition and mission.

The task force will consist of approximately 60 members — drawn equally from the federal government, the tech sector and the communications sector, according to Emile Monette, a cybersecurity strategist at DHS and co-chair. Monette told FCW after the meeting that “most” of the group’s membership has been solidified, but that DHS is planning to provide more specifics in the next few weeks.

An executive committee, roughly half the full task force’s size, will meet in mid-November to begin laying out priorities and setting up work streams, such as tweaking to Federal Acquisition Regulation rules requiring the government to purchase certain IT and communications products from the original manufacturer or authorized resellers.

Keep reading this article at: https://fcw.com/articles/2018/11/01/supply-chain-dhs-lemons.aspx

November 6, 2018 By cs

Cyber supply chain task force to meet soon

A task force focused on reducing cybersecurity risks in the nation’s technology and communications supply chain will meet for the first time in the next few weeks, the Homeland Security Department announced last week.

Homeland Security Secretary Kirstjen Nielsen announced the task force’s creation during a cyber conference in New York in July during which she also announced the creation of a new Homeland Security division, the National Cyber Risk Management Center, focused on long-range cyber issues.

The task force will be chaired by private sector leaders but will be sponsored by the risk management center, according to a Homeland Security news release.

The task force will focus on government and industry supply chains and criminal and nation-state hacker efforts to compromise contractors and subcontractors deep within those supply chains, the department said.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/10/cyber-supply-chain-task-force-meet-soon/152429/

On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (DoD) cybersecurity policies and regulations have affected the Defense Industrial Base (DIB).

The Department of Homeland Security announced the roll out of its supply chain security task force on Information and Communications Technology.

A task force focused on reducing cybersecurity risks in the nation’s technology and communications supply chain will meet for the first time in the next few weeks, the Homeland Security Department announced last week.

Search this Website