Procurement plays into U.S. counterintel strategy

cybersecurity (vs148/ 

Injecting more security knowledge into both commercial and agency procurement processes can take some of the sting out of protecting the supply chain, according to Bill Evanina, director of Office of the Director of National Intelligence's National Counterintelligence and Security Center.

"The awareness of the supply chain threat is not new, but we haven't felt the pain yet. I don't want to get to a place where we have a cyber 9/11 or the heat goes off in major cities," he said.

Great cybersecurity tools, Evanina said, reside in industry. "The government has to be more open to take off-the shelf and use it in government" effectively and securely, he said. "We're not there yet."

Agency contracting employees, as well as industry contractors, he said, should be aware of who is handling solicitations, what website a solicitation is on and who is looking at it. "People that procure aren't part of the protection apparatus" meant to secure federal agencies' operations, he said. Procurement workers should have training to understand that, he said.

"If you train every procurement officer for at least an hour a year on the basic threats that are out there and how you as a procurement official can protect your company, your organization, we will be light years ahead of where we are now," Evanina said.

Federal agencies could get some help addressing supply chain security issues from the commercial side. The National Counterintelligence Strategy, set to be released on Feb. 10, will foster a broader, more inclusive approach to fighting cyberattacks, but it also looks at some tactics in that fight, including secure procurement practices.

Supply chain security is "pretty scary," Shaun Khalfan, vice president and chief information security officer at Freddie Mac, said in his remarks at the conference. The layer of suppliers involved in technology systems is increasingly deep, he said. Freddie Mac partners with companies that do detailed analysis of their own supply chains and conducts continuous assessments of its biggest vendors, according to Khalfan.

The Bureau of Alcohol, Tobacco, Firearms and Explosives works through the Department of Justice's supply chain and procurement risk operation, said Mason McDaniel, the agency's CTO. Products that come into the agency, he said, are checked for security and supply chain vulnerabilities. That research, he said, can add costs to products, however. "It can drive some people nuts," he said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Oversight
    President of the United States of America, Donald J. Trump, attends the 2019 Army Navy Game in Philadelphia, Pa., Dec. 14, 2019. (U.S. Army photo by Sgt. Dana Clarke)

    Trump shakes up official watchdog ranks

    The White House removed an official designated to provide oversight to the $2 trillion rescue and relief fund and nominated a raft of new appointees to handle oversight chores at multiple agencies.

  • Workforce
    coronavirus molecule (creativeneko/

    OMB urges 'maximum telework flexibilities' for DC-area feds

    A Sunday evening memo ahead of a potentially chaotic commute urges agency heads to pivot to telework as much as possible.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.