Homeland Security

DHS developing supply chain security initiative

open lock (ESB Professional/Shutterstock.com) 

The Department of Homeland Security launched an internal supply chain cybersecurity initiative to determine where government agencies and private companies are lacking, the agency's top cyber official Jeanette Manfra announced at a Brookings Institution tech event in Washington, D.C., Feb. 14.

The move comes in the wake of the agency's management of a governmentwide ban on Kaspersky Lab software because of the company's alleged ties to Russian intelligence.

"We can't just all throw up our hands and say, 'It's too complicated, I'll never know where the code is coming from.' At some point we will know; we can figure it out -- collectively," Manfra, who is the assistant secretary for cybersecurity, said during a panel discussion commemorating the fourth anniversary of the National Institute for Standards and Technology cybersecurity framework and the future of cybersecurity.

Working on supply chain issues isn't new for DHS, but the new initiative, launched via an internal memo earlier this year, is "a focused effort with dedicated staff," Manfra said.

"We need to have improved ability for DHS, [General Services Administration], the intel community to be in a position to help inform procurement decisions by the federal government and other agencies throughout the civilian government," Manfra told reporters following the event. "We're working on building those mechanisms and DHS' role in pulling that altogether, and also working with industry experts to refine what are the supply chain risks that we should be concerned about."

Manfra also mentioned NIST as a partner during the panel discussion.

DHS' supply chain effort doesn't have a "done" date, as Manfra put it, but is more of a "potentially enduring function" that serves as a "concerted effort to take all of the potential gaps that may be in the federal system or industry and figure out what is the role of DHS."

A DHS official told FCW via email the initiative will provide actionable information about supply chain risks and mitigations to users, buyers, manufacturers and sellers of tech products. It will also identify risks to federal networks and other national or global stakeholders.

"As we develop this capability, we are collaborating with our public and private sector partners to ensure the initiative meets the supply chain risk management needs of our diverse stakeholder groups," the official said.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.