Homeland Security

DHS developing supply chain security initiative

open lock (ESB Professional/Shutterstock.com) 

The Department of Homeland Security launched an internal supply chain cybersecurity initiative to determine where government agencies and private companies are lacking, the agency's top cyber official Jeanette Manfra announced at a Brookings Institution tech event in Washington, D.C., Feb. 14.

The move comes in the wake of the agency's management of a governmentwide ban on Kaspersky Lab software because of the company's alleged ties to Russian intelligence.

"We can't just all throw up our hands and say, 'It's too complicated, I'll never know where the code is coming from.' At some point we will know; we can figure it out -- collectively," Manfra, who is the assistant secretary for cybersecurity, said during a panel discussion commemorating the fourth anniversary of the National Institute for Standards and Technology cybersecurity framework and the future of cybersecurity.

Working on supply chain issues isn't new for DHS, but the new initiative, launched via an internal memo earlier this year, is "a focused effort with dedicated staff," Manfra said.

"We need to have improved ability for DHS, [General Services Administration], the intel community to be in a position to help inform procurement decisions by the federal government and other agencies throughout the civilian government," Manfra told reporters following the event. "We're working on building those mechanisms and DHS' role in pulling that altogether, and also working with industry experts to refine what are the supply chain risks that we should be concerned about."

Manfra also mentioned NIST as a partner during the panel discussion.

DHS' supply chain effort doesn't have a "done" date, as Manfra put it, but is more of a "potentially enduring function" that serves as a "concerted effort to take all of the potential gaps that may be in the federal system or industry and figure out what is the role of DHS."

A DHS official told FCW via email the initiative will provide actionable information about supply chain risks and mitigations to users, buyers, manufacturers and sellers of tech products. It will also identify risks to federal networks and other national or global stakeholders.

"As we develop this capability, we are collaborating with our public and private sector partners to ensure the initiative meets the supply chain risk management needs of our diverse stakeholder groups," the official said.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.