The global information technology supply chain has been hit with a growing and unprecedented number of attacks as adversaries use various forms of malware to compromise systems and to steal, compromise, or hold for ransom sensitive information.
Federal executives realized how complex the question of supply chain security was in 2017, when officials tried to implement the Department of Homeland Security’s order to remove Kaspersky anti-virus software from federal computers and networks. The software was labeled a risk because of the company’s ties to Russia, but the authority to force its removal was not clearly laid out in previous policy. To remedy that, new legislation has been passed, a new acquisition security council is in process, and the Government Accountability Office has put together recommendations for how agencies should manage their supply chain security.
The supply chain has many layers and components, and simple fixes are rare. Vulnerabilities can be exploited in both software and hardware, and with software-defined networks it can be difficult to draw the line between where software ends and hardware begins.
In this workshop, we discussed the current threat landscape, the solutions being used and tested, and what management plans and processes are available.
Attendees came away with an improved ability to:
- Assess the vulnerabilities in systems and networks
- Understand how the different security assessments and requirements interact
- Understand the role the Federal Acquisition Security Council will play
- Understand the best process for Supply Chain Risk Management (SCRM)