Procurement plays into U.S. counterintel strategy
- By Mark Rockwell
- Feb 04, 2020
Injecting more security knowledge into both commercial and agency procurement processes can take some of the sting out of protecting the supply chain, according to Bill Evanina, director of Office of the Director of National Intelligence's National Counterintelligence and Security Center.
"The awareness of the supply chain threat is not new, but we haven't felt the pain yet. I don't want to get to a place where we have a cyber 9/11 or the heat goes off in major cities," he said.
Great cybersecurity tools, Evanina said, reside in industry. "The government has to be more open to take off-the shelf and use it in government" effectively and securely, he said. "We're not there yet."
Agency contracting employees, as well as industry contractors, he said, should be aware of who is handling solicitations, what website a solicitation is on and who is looking at it. "People that procure aren't part of the protection apparatus" meant to secure federal agencies' operations, he said. Procurement workers should have training to understand that, he said.
"If you train every procurement officer for at least an hour a year on the basic threats that are out there and how you as a procurement official can protect your company, your organization, we will be light years ahead of where we are now," Evanina said.
Federal agencies could get some help addressing supply chain security issues from the commercial side. The National Counterintelligence Strategy, set to be released on Feb. 10, will foster a broader, more inclusive approach to fighting cyberattacks, but it also looks at some tactics in that fight, including secure procurement practices.
Supply chain security is "pretty scary," Shaun Khalfan, vice president and chief information security officer at Freddie Mac, said in his remarks at the conference. The layer of suppliers involved in technology systems is increasingly deep, he said. Freddie Mac partners with companies that do detailed analysis of their own supply chains and conducts continuous assessments of its biggest vendors, according to Khalfan.
The Bureau of Alcohol, Tobacco, Firearms and Explosives works through the Department of Justice's supply chain and procurement risk operation, said Mason McDaniel, the agency's CTO. Products that come into the agency, he said, are checked for security and supply chain vulnerabilities. That research, he said, can add costs to products, however. "It can drive some people nuts," he said.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.